Cisco Integrated Management Controller Flaws Enable Command Injection and RCE
Cisco disclosed command injection and remote code execution vulnerabilities affecting Cisco Integrated Management Controller (CIMC), warning that the flaws could allow an attacker to execute arbitrary commands or code on impacted systems. The advisory identifies the issue as affecting CIMC and frames it as a serious compromise path into server management infrastructure, where successful exploitation could give an attacker control over administrative functions and underlying devices.
The vulnerabilities were published in a Cisco security advisory under the topic "Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities." Organizations using Cisco CIMC are expected to review the vendor advisory, determine whether exposed or internet-reachable management interfaces are affected, and apply Cisco-provided fixes or mitigations to reduce the risk of unauthorized command execution on management controllers.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Cisco discloses CIMC command injection and RCE vulnerabilities
Cisco published a security advisory for Cisco Integrated Management Controller vulnerabilities involving command injection and remote code execution. No additional technical details, exploitation information, or remediation timeline are provided in the reference content.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
sec.cloudapps.cisco.com
Open sourceCisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
sec.cloudapps.cisco.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Critical Cisco IMC Flaws Enable Authentication Bypass and Root Compromise
Cisco disclosed multiple vulnerabilities in its Integrated Management Controller (**IMC**), including the critical `CVE-2026-20093`, which allows a remote, unauthenticated attacker to send a crafted HTTP request to bypass authentication and change passwords for existing users, including the primary Admin account. Cisco rated the flaw **CVSS 9.8** and said no workarounds or mitigations are available, making vendor-issued software updates the only effective fix; the company added that it has no evidence of active exploitation or public malicious use. Additional advisories cover `CVE-2026-20094` through `CVE-2026-20097`, spanning command injection and arbitrary code execution issues that could let attackers execute commands or code as `root` and fully compromise affected systems. Impacted products include Cisco UCS C-Series and S-Series servers, UCS E-Series systems, Catalyst 8300 Series Edge uCPE, 5000 Series ENCS, and other Cisco appliances built on vulnerable UCS platforms, with Cisco publishing fixed-version guidance and upgrade paths while runZero released an inventory query to help organizations identify exposed IMC assets.
Apr 3, 2026
Cisco Catalyst SD-WAN Manager Flaws Expose XSS and Multiple Vulnerabilities
dCERT issued advisories for **Cisco Catalyst SD-WAN Manager** and the **SD-WAN Controller**, warning of multiple security flaws affecting core SD-WAN management components. One advisory covers several vulnerabilities across the management platform and controller, indicating broader exposure in systems used to administer and orchestrate enterprise SD-WAN environments. A separate dCERT advisory identifies a **cross-site scripting (XSS)** vulnerability in Cisco Catalyst SD-WAN Manager, highlighting the risk that attackers could inject malicious script into the web-based management interface. Together, the notices point to security weaknesses in Cisco SD-WAN administrative infrastructure that could affect the confidentiality and integrity of management sessions and require prompt review and remediation by defenders.
Apr 21, 2026
Cisco ISE Flaws Expose Networks to RCE and Sensitive Data Disclosure
Cisco disclosed two vulnerabilities in **Cisco Identity Services Engine (ISE)** and **Cisco ISE Passive Identity Connector (ISE-PIC)**, including the critical remote code execution flaw `CVE-2026-20181` and the high-severity information disclosure flaw `CVE-2026-20190`. Cisco said `CVE-2026-20181` carries a CVSS score of **9.1** and can let an authenticated attacker with valid administrative credentials execute arbitrary commands, obtain user-level access, potentially escalate privileges to root, and in single-node deployments trigger a denial-of-service condition. The second flaw, rated **7.5**, can allow an unauthenticated attacker to access sensitive information such as hashed credentials because of improper authorization checks. The affected software includes all releases prior to **3.3**, versions before **3.3 Patch 11** in release 3.3, versions before **3.4 Patch 6** in release 3.4, and versions before **3.5 Patch 4** in release 3.5, according to the Canadian Centre for Cyber Security notice summarizing Cisco’s advisories. Cisco said the vulnerabilities are independent, no workarounds are available, and no confirmed exploitation had been reported at disclosure time. Authorities urged administrators to review Cisco’s advisories and apply the available updates immediately.
Jun 21, 2026