Skip to main content

Cisco EUVDEUVD-2026-17952

| CVE-2026-20096 MEDIUM
Command Injection (CWE-77)
2026-04-01 cisco GHSA-3w5r-3hp5-3v3p
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 17:30 euvd
EUVD-2026-17952
Analysis Generated
Apr 01, 2026 - 17:30 vuln.today
CVE Published
Apr 01, 2026 - 16:29 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.

AnalysisAI

Command injection in Cisco IMC web management interface allows authenticated admin-level attackers to execute arbitrary commands as root through improper input validation. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series platforms. No public exploit code or active exploitation confirmed at time of analysis, but the high-privileged context and root-level impact necessitate swift patching.

Technical ContextAI

Cisco Integrated Management Controller (IMC) is a baseboard management controller providing out-of-band management for Cisco UCS and related infrastructure platforms via a web-based interface. The vulnerability stems from CWE-77 (Improper Neutralization of Special Elements used in a Command), a command injection flaw where user-supplied input to the management interface is not properly validated before being passed to system command execution contexts. This allows authenticated administrators to inject shell metacharacters or command sequences that the underlying operating system interprets as additional commands, bypassing intended restrictions. The affected products include Cisco Enterprise NFV Infrastructure Software and Cisco UCS deployments (both standalone and E-Series variants), all of which rely on IMC for management operations.

RemediationAI

Apply the patch released by Cisco for IMC. Consult the official Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt for specific fixed IMC firmware versions for each affected platform (Enterprise NFV Infrastructure, UCS standalone, and UCS E-Series). Until patches can be deployed, enforce strict network access controls to limit web-based management interface access to trusted administrative networks only, and audit IMC admin accounts for unauthorized activity or anomalous command patterns. Prioritize patching UCS and NFV infrastructure systems that manage critical business services or contain sensitive data.

Share

EUVD-2026-17952 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy