Platform
cisco
Component
cisco-imc
Fixed in
4.0.1
3.1.1
3.1.1
4.0.1
4.1.1
4.0.1
4.0.1
4.0.1
4.0.1
4.0.1
4.0.1
3.1.1
4.0.1
4.0.1
4.0.1
4.0.1
3.1.1
4.0.1
4.1.1
3.1.1
4.0.1
3.1.1
3.1.1
3.1.1
4.0.1
4.1.1
4.0.1
4.0.1
4.0.1
4.0.1
4.0.1
4.0.1
3.1.1
3.1.1
3.1.1
4.0.1
3.1.1
4.0.1
4.0.1
3.1.1
4.0.1
3.1.1
4.0.1
3.1.1
4.0.1
4.1.1
4.1.1
4.0.1
4.1.1
3.1.1
4.1.1
4.0.1
4.0.1
4.1.1
4.1.1
4.0.1
4.1.1
4.1.1
4.0.1
4.0.1
4.1.1
4.0.1
4.1.1
4.1.1
4.1.1
4.1.1
4.1.1
4.1.1
4.1.1
4.1.1
4.2.1
4.1.1
4.2.1
4.2.1
4.2.1
4.1.1
4.2.1
4.3.1
4.2.1
4.2.1
4.2.1
4.2.1
4.2.1
4.2.1
4.2.1
4.2.1
4.3.1
4.1.1
4.2.1
4.3.1
4.2.1
4.3.1
4.2.1
4.2.1
4.3.1
4.1.1
4.1.1
4.3.1
4.3.1
4.2.1
4.1.1
4.3.1
4.3.1
4.2.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.2.1
4.3.1
4.3.1
4.3.1
4.3.1
4.2.1
4.3.1
4.3.1
4.3.1
4.3.1
4.2.1
4.3.1
4.2.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
4.3.1
6.0.1
4.2.1
6.0.1
4.3.1
6.0.1
4.3.1
4.3.1
4.3.1
4.3.1
6.0.1
4.3.1
4.3.1
6.0.1
4.3.1
6.0.1
3.2.8
3.2.7
3.2.5
3.2.11
3.2.3
3.2.4
2.4.1
3.2.2
3.2.12
3.2.9
3.1.2
3.0.3
2.1.1
2.2.3
3.1.3
3.0.2
2.3.3
2.3.6
2.2.2
3.1.5
2.4.2
2.3.2
3.1.4
2.3.4
2.4.3
3.1.6
3.1.1
2.0.1
3.2.12
3.2.12
3.2.13
3.2.14
3.2.15
4.11.2
3.2.16
4.12.2
3.2.16
4.12.3
3.2.17
4.15.3
CVE-2026-20094 is a command injection vulnerability affecting the web-based management interface of Cisco Integrated Management Controller (IMC). This vulnerability allows an authenticated, remote attacker with read-only privileges to execute arbitrary commands as the root user on the affected system. The vulnerability exists due to improper validation of user-supplied input in versions up to and including 6.0(1.250194). Currently, there is no official patch available to address this vulnerability.
CVE-2026-20094 affects Cisco Unified Computing System (Standalone) and represents a critical vulnerability in the web-based management interface of Cisco IMC. An authenticated, remote attacker with read-only privileges can perform command injection attacks on an affected system and execute arbitrary commands as the root user. The CVSS score has been rated at 8.8, indicating a high risk. This vulnerability is due to improper validation of user-supplied input, allowing malicious commands to be injected through the web interface. Successful execution as root provides the attacker with complete control over the system, potentially leading to data loss, service disruption, or unauthorized access to sensitive information. The lack of a fix available exacerbates the situation, requiring immediate mitigation measures.
An attacker with read-only privileges in the Cisco IMC web interface can exploit this vulnerability by sending specially crafted commands through the interface. The lack of adequate input validation allows these commands to be executed directly on the underlying operating system with root privileges. The attacker does not need prior access to the system, only the ability to authenticate with read-only privileges. Successful exploitation requires a basic understanding of the affected operating system's command syntax. The nature of the vulnerability allows for a wide range of attacks, including malware installation, configuration file modification, and theft of sensitive data. The absence of a fix means systems remain vulnerable until mitigation measures are implemented.
Exploit Status
EPSS
0.41% (61% percentile)
CISA SSVC
CVSS Vector
Given that no official fix is provided by Cisco, mitigating CVE-2026-20094 requires a proactive and careful approach. Restricting access to the Cisco IMC web interface to authorized users with the minimum necessary privileges is highly recommended. Implementing strict access controls, such as multi-factor authentication (MFA), can help reduce the risk of unauthorized access. Continuously monitoring system logs for suspicious activity or command injection attempts is crucial. Consider network segmentation to isolate affected systems and limit the potential impact of a successful exploit. While there is no direct solution, implementing these security measures can help mitigate the risk until an official fix is available.
Cisco ha lanzado actualizaciones de software para abordar esta vulnerabilidad. Se recomienda actualizar a una versión corregida lo antes posible. Consulte la advisory de Cisco para obtener más detalles sobre las versiones afectadas y las actualizaciones disponibles: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt
Vulnerability analysis and critical alerts directly to your inbox.
It indicates a high risk, meaning the vulnerability is easily exploitable and can have a significant impact on system security.
No, there is currently no official fix provided by Cisco. Mitigation measures are recommended.
An attacker needs read-only privileges in the Cisco IMC web interface.
Monitor system logs for suspicious activity, such as unknown commands or unauthorized access attempts.
Isolate the affected system from the network, perform a forensic investigation, and consider restoring from a clean backup.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.