Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
Articles & Coverage 1
AnalysisAI
Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment.
Technical ContextAI
Cisco Integrated Management Controller provides out-of-band management for Cisco UCS servers and network function virtualization infrastructure. This vulnerability stems from CWE-20 (Improper Input Validation) in the password change functionality, where the application fails to properly validate or authenticate password modification requests. The affected CPE entries indicate impact across multiple Cisco UCS product lines: Enterprise NFV Infrastructure Software, Unified Computing System Standalone configurations, and UCS E-Series deployments. The flaw allows manipulation of the password change mechanism through crafted HTTP requests, bypassing the authentication layer entirely. This represents a critical failure in identity and access management controls at the hardware management layer, where IMC typically operates with privileged access to physical and virtual infrastructure components.
RemediationAI
Organizations should immediately consult the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn for vendor-recommended remediation steps and patched software versions. As an immediate risk mitigation measure, restrict network access to Cisco IMC interfaces using firewall rules or access control lists, allowing connections only from trusted management networks or jump hosts. Disable external or internet-facing access to IMC interfaces entirely if not operationally required. Implement network segmentation to isolate management plane traffic from production networks. Monitor IMC access logs for unauthorized password change attempts or suspicious authentication activity. Enable multi-factor authentication if supported in patched versions. Given the unauthenticated nature of the exploit, network-layer controls are critical until patches can be deployed. Organizations should prioritize patching based on exposure risk, addressing internet-accessible or DMZ-located UCS infrastructure first.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17947