A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.

This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00031.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Cisco Cisco Enterprise NFV Infrastructure Software unknown
Version Status Constraints
4.1.1 affected
3.9.1 affected
3.5.2 affected
3.12.2 affected
3.6.2 affected
3.9.2 affected
3.11.3 affected
3.11.1 affected
3.5.1 affected
3.3.1 affected
3.10.2 affected
3.12.1b affected
3.4.1 affected
3.12.1a affected
3.6.3 affected
3.8.1 affected
3.11.2 affected
3.12.1 affected
3.12.3 affected
3.10.1 affected
3.6.1 affected
3.10.3 affected
3.7.1 affected
4.1.2 affected
4.2.1 affected
4.2.2 affected
4.4.1 affected
4.4.2 affected
4.5.1 affected
4.4.3 affected
4.6.1 affected
4.7.1 affected
4.6.2-FC2 affected
4.6.2-FC3 affected
4.6.2 affected
4.8.1 affected
4.8.2 affected
4.9.1 affected
4.6.3 affected
4.9.2-FC5 affected
4.9.2 affected
4.10.1 affected
4.9.3 affected
4.11.1 affected
4.9.4 affected
4.12.1 affected
4.6.4 affected
4.12.2 affected
4.13.1 affected
4.9.4-ES8 affected
4.9.5 affected
4.12.3 affected
4.6.5-ES1 affected
4.9.4-ES9 affected
4.14.1 affected
4.6.3-FC4 affected
4.9.4-FC3 affected
4.12.4 affected
4.15.1 affected
4.9.6 affected
4.16.1 affected
4.15.2 affected
4.12.5 affected
4.15.3 affected
4.15.4 affected
4.18.1 affected
4.12.6 affected
4.18.2 affected
4.18.2a affected
Cisco Cisco Unified Computing System (Standalone) unknown
Version Status Constraints
4.0(2g) affected
3.1(2i) affected
3.1(1d) affected
4.0(4i) affected
4.1(1c) affected
4.0(2c) affected
4.0(1e) affected
4.0(2h) affected
4.0(4h) affected
4.0(1h) affected
4.0(2l) affected
3.1(3g) affected
4.0(1.240) affected
4.0(2f) affected
4.0(1g) affected
4.0(2i) affected
3.1(3i) affected
4.0(4d) affected
4.1(1d) affected
3.1(3c) affected
4.0(4k) affected
3.1(2d) affected
3.1(3a) affected
3.1(3j) affected
4.0(2d) affected
4.1(1f) affected
4.0(1c) affected
4.0(4f) affected
4.0(4c) affected
3.1(3d) affected
3.1(2g) affected
3.1(2c) affected
4.0(1d) affected
3.1(2e) affected
4.0(1a) affected
4.0(1b) affected
3.1(3b) affected
4.0(4b) affected
3.1(2b) affected
4.0(4e) affected
3.1(3h) affected
4.0(4l) affected
4.1(1g) affected
4.1(2a) affected
4.0(2n) affected
4.1(1h) affected
3.1(3k) affected
4.1(2b) affected
4.0(2o) affected
4.0(4m) affected
4.1(2d) affected
4.1(3b) affected
4.0(2p) affected
4.1(2e) affected
4.1(2f) affected
4.0(4n) affected
4.0(2q) affected
4.1(3c) affected
4.0(2r) affected
4.1(3d) affected
4.1(2g) affected
4.1(2h) affected
4.1(3f) affected
4.1(2j) affected
4.1(2k) affected
4.1(3h) affected
4.2(2a) affected
4.1(3i) affected
4.2(2f) affected
4.2(2g) affected
4.2(3b) affected
4.1(3l) affected
4.2(3d) affected
4.3(1.230097) affected
4.2(1e) affected
4.2(1b) affected
4.2(1j) affected
4.2(1i) affected
4.2(1f) affected
4.2(1a) affected
4.2(1c) affected
4.2(1g) affected
4.3(1.230124) affected
4.1(2l) affected
4.2(3e) affected
4.3(1.230138) affected
4.2(3g) affected
4.3(2.230207) affected
4.2(3h) affected
4.2(3i) affected
4.3(2.230270) affected
4.1(3m) affected
4.1(2m) affected
4.3(2.240002) affected
4.3(3.240022) affected
4.2(3j) affected
4.1(3n) affected
4.3(2.240009) affected
4.3(3.240043) affected
4.3(4.240142) affected
4.3(2.240037) affected
4.3(2.240053) affected
4.3(4.240152) affected
4.2(3l) affected
4.3(2.240077) affected
4.3(4.242028) affected
4.3(4.241063) affected
4.3(4.242038) affected
4.2(3m) affected
4.3(2.240090) affected
4.3(5.240021) affected
4.3(2.240107) affected
4.3(4.242066) affected
4.2(3n) affected
4.3(5.250001) affected
4.2(3o) affected
4.3(2.250016) affected
4.3(2.250021) affected
4.3(5.250030) affected
4.3(2.250022) affected
4.3(6.250040) affected
4.3(5.250033) affected
4.3(6.250044) affected
4.3(6.250053) affected
4.3(2.250037) affected
4.3(2.250045) affected
4.3(4.252001) affected
4.3(4.252002) affected
6.0(1.250127) affected
4.2(3p) affected
6.0(1.250131) affected
4.3(6.250101) affected
4.3(6.250117) affected
4.3(5.250043) affected
4.3(6.250039) affected
4.3(5.250045) affected
4.3(6.250060) affected
6.0(1.250130) affected
4.3(4.241014) affected
4.3(2.250063) affected
4.3(6.260003) affected
Cisco Cisco Unified Computing System E-Series Software (UCSE) unknown
Version Status Constraints
3.2.7 affected
3.2.6 affected
3.2.4 affected
3.2.10 affected
3.2.2 affected
3.2.3 affected
2.4.0 affected
3.2.1 affected
3.2.11.1 affected
3.2.8 affected
3.1.1 affected
3.0.2 affected
2.1.0 affected
2.2.2 affected
3.1.2 affected
3.0.1 affected
2.3.2 affected
2.3.5 affected
2.2.1 affected
3.1.4 affected
2.4.1 affected
2.3.1 affected
3.1.3 affected
2.3.3 affected
2.4.2 affected
3.1.5 affected
3.1.0 affected
2.0.0 affected
3.2.11.3 affected
3.2.11.5 affected
3.2.12.2 affected
3.2.13.6 affected
3.2.14 affected
4.11.1 affected
3.2.15 affected
4.12.1 affected
3.2.15.3 affected
4.12.2 affected
3.2.16.1 affected
4.00 affected
4.15.2 affected
4.02 affected

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn cve-icon cve-icon
History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
Title Cisco Integrated Management Controller Authentication Bypass Vulnerability
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-04-02T03:56:12.925Z

Reserved: 2025-10-08T11:59:15.368Z

Link: CVE-2026-20093

cve-icon Vulnrichment

Updated: 2026-04-01T18:16:05.809Z

cve-icon NVD

Status : Received

Published: 2026-04-01T17:28:29.027

Modified: 2026-04-01T17:28:29.027

Link: CVE-2026-20093

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses