Search criteria
38 vulnerabilities found for Cisco Unified Computing System (Standalone) by Cisco
CVE-2026-20097 (GCVE-0-2026-20097)
Vulnerability from nvd ā Published: 2026-04-01 16:29 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Remote Code Execution Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:16.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user.\u0026nbsp;This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.\r\n\r\nCisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:30.232Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60925"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20097",
"datePublished": "2026-04-01T16:29:00.607Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:30.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20096 (GCVE-0-2026-20096)
Vulnerability from nvd ā Published: 2026-04-01 16:29 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
Severity ?
6.5 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:17.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:33.637Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60894"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20096",
"datePublished": "2026-04-01T16:29:03.545Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:33.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20095 (GCVE-0-2026-20095)
Vulnerability from nvd ā Published: 2026-04-01 16:28 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
Severity ?
6.5 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:14.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:41.775Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60889"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20095",
"datePublished": "2026-04-01T16:28:47.898Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:41.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20094 (GCVE-0-2026-20094)
Vulnerability from nvd ā Published: 2026-04-01 16:28 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
Severity ?
8.8 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:15.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:45.612Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60021"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20094",
"datePublished": "2026-04-01T16:28:50.641Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:45.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20093 (GCVE-0-2026-20093)
Vulnerability from nvd ā Published: 2026-04-01 16:28 ā Updated: 2026-04-02 03:56
VLAI?
Title
Cisco Integrated Management Controller Authentication Bypass Vulnerability
Summary
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 4.3(6.260003) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:12.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as\u0026nbsp;Admin.\r\n\r\nThis vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an\u0026nbsp;Admin user, and gain access to the system as that user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:28:38.714Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-auth-bypass-AgG2BxTn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn"
}
],
"source": {
"advisory": "cisco-sa-cimc-auth-bypass-AgG2BxTn",
"defects": [
"CSCwq55659"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20093",
"datePublished": "2026-04-01T16:28:38.714Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-02T03:56:12.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20090 (GCVE-0-2026-20090)
Vulnerability from nvd ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:43:50.354293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:44:31.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:52.272Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60948"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20090",
"datePublished": "2026-04-01T16:34:57.753Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-22T19:09:52.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20089 (GCVE-0-2026-20089)
Vulnerability from nvd ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:44:47.477553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:45:22.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:56.418Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60944"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20089",
"datePublished": "2026-04-01T16:34:48.793Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-22T19:09:56.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20088 (GCVE-0-2026-20088)
Vulnerability from nvd ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:10
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 3.2.15 Affected: 3.2.15.3 Affected: 3.2.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:55:03.494571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:55:20.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "3.2.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:10:02.232Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60943"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20088",
"datePublished": "2026-04-01T16:34:40.845Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-22T19:10:02.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20087 (GCVE-0-2026-20087)
Vulnerability from nvd ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:10
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a Affected: 4.15.5 |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:50:01.177510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:50:56.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
},
{
"status": "affected",
"version": "4.15.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:10:11.956Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60933"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20087",
"datePublished": "2026-04-01T16:34:40.865Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-22T19:10:11.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20085 (GCVE-0-2026-20085)
Vulnerability from nvd ā Published: 2026-04-01 16:27 ā Updated: 2026-04-22 19:10
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:14:21.097192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:14:27.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:10:14.472Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60930"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20085",
"datePublished": "2026-04-01T16:27:58.940Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-22T19:10:14.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20342 (GCVE-0-2025-20342)
Vulnerability from nvd ā Published: 2025-08-27 16:23 ā Updated: 2025-08-27 17:38
VLAI?
Title
Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
2.0(1a)
Affected: 4.0(2g) Affected: 2.0(13f) Affected: 3.0(4n) Affected: 2.0(3e)1 Affected: 3.0(3e) Affected: 2.0(8h) Affected: 2.0(10g) Affected: 3.1(2i) Affected: 3.0(3c) Affected: 3.0(4m) Affected: 3.1(1d) Affected: 3.0(3a) Affected: 3.0(1d) Affected: 2.0(9o) Affected: 2.0(13n) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 2.0(13q) Affected: 2.0(3j)1 Affected: 4.0(2c) Affected: 2.0(9n) Affected: 4.0(1e) Affected: 2.0(13o) Affected: 2.0(6f) Affected: 2.0(10c) Affected: 2.0(8d) Affected: 2.0(9m) Affected: 4.0(2h) Affected: 3.0(4j) Affected: 2.0(10i) Affected: 3.0(3f) Affected: 2.0(10l) Affected: 2.0(12e) Affected: 2.0(12i) Affected: 2.0(10h) Affected: 2.0(13e) Affected: 3.0(4k) Affected: 2.0(10b) Affected: 2.0(6d) Affected: 2.0(12b) Affected: 4.0(4h) Affected: 2.0(12h) Affected: 2.0(10f) Affected: 3.0(4l) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 2.0(3i) Affected: 2.0(3f)3 Affected: 3.0(4a) Affected: 2.0(13p) Affected: 2.0(9l) Affected: 2.0(12g) Affected: 2.0(12c) Affected: 2.0(12f) Affected: 2.0(13k) Affected: 3.0(3b) Affected: 2.0(1b) Affected: 3.1(3g) Affected: 2.0(4c) Affected: 4.0(1.240) Affected: 2.0(12d) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 3.0(4d) Affected: 3.0(2b) Affected: 2.0(3d)2 Affected: 2.0(3d)1 Affected: 2.0(9f) Affected: 2.0(13h) Affected: 3.0(4e) Affected: 2.0(8g) Affected: 4.0(2i) Affected: 2.0(10e) Affected: 2.0(13i) Affected: 2.0(9c) Affected: 2.0(4c)1 Affected: 3.0(1c) Affected: 2.0(8e) Affected: 2.0(9e) Affected: 2.0(9p) Affected: 3.1(3i) Affected: 3.0(4i) Affected: 2.0(10k) Affected: 3.0(4o) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 3.0(4p) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 3.0(4q) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 3.0(4r) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 3.0(4s) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(2.250022) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 2.02 Affected: 4.00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T17:19:43.762688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T17:38:30.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.618Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk"
}
],
"source": {
"advisory": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"defects": [
"CSCwm57433"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20342",
"datePublished": "2025-08-27T16:23:18.618Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-08-27T17:38:30.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20317 (GCVE-0-2025-20317)
Vulnerability from nvd ā Published: 2025-08-27 16:23 ā Updated: 2025-08-27 18:52
VLAI?
Title
Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.
This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Severity ?
7.1 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
2.0(1a)
Affected: 4.0(2g) Affected: 2.0(13f) Affected: 3.0(4n) Affected: 2.0(3e)1 Affected: 3.0(3e) Affected: 2.0(8h) Affected: 2.0(10g) Affected: 3.1(2i) Affected: 3.0(3c) Affected: 3.0(4m) Affected: 3.1(1d) Affected: 3.0(3a) Affected: 3.0(1d) Affected: 2.0(9o) Affected: 2.0(13n) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 2.0(13q) Affected: 2.0(3j)1 Affected: 4.0(2c) Affected: 2.0(9n) Affected: 4.0(1e) Affected: 2.0(13o) Affected: 2.0(6f) Affected: 2.0(10c) Affected: 2.0(8d) Affected: 2.0(9m) Affected: 4.0(2h) Affected: 3.0(4j) Affected: 2.0(10i) Affected: 3.0(3f) Affected: 2.0(10l) Affected: 2.0(12e) Affected: 2.0(12i) Affected: 2.0(10h) Affected: 2.0(13e) Affected: 3.0(4k) Affected: 2.0(10b) Affected: 2.0(6d) Affected: 2.0(12b) Affected: 4.0(4h) Affected: 2.0(12h) Affected: 2.0(10f) Affected: 3.0(4l) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 2.0(3i) Affected: 2.0(3f)3 Affected: 3.0(4a) Affected: 2.0(13p) Affected: 2.0(9l) Affected: 2.0(12g) Affected: 2.0(12c) Affected: 2.0(12f) Affected: 2.0(13k) Affected: 3.0(3b) Affected: 2.0(1b) Affected: 3.1(3g) Affected: 2.0(4c) Affected: 4.0(1.240) Affected: 2.0(12d) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 3.0(4d) Affected: 3.0(2b) Affected: 2.0(3d)2 Affected: 2.0(3d)1 Affected: 2.0(9f) Affected: 2.0(13h) Affected: 3.0(4e) Affected: 2.0(8g) Affected: 4.0(2i) Affected: 2.0(10e) Affected: 2.0(13i) Affected: 2.0(9c) Affected: 2.0(4c)1 Affected: 3.0(1c) Affected: 2.0(8e) Affected: 2.0(9e) Affected: 2.0(9p) Affected: 3.1(3i) Affected: 3.0(4i) Affected: 2.0(10k) Affected: 3.0(4o) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 3.0(4p) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 3.0(4q) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 3.0(4r) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 3.0(4s) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(2.250022) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252002) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 2.02 Affected: 4.00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:51:46.552039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:52:07.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.\r\n\r\nThis vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
}
],
"source": {
"advisory": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"defects": [
"CSCwm57436"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20317",
"datePublished": "2025-08-27T16:23:18.607Z",
"dateReserved": "2024-10-10T19:15:13.253Z",
"dateUpdated": "2025-08-27T18:52:07.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20261 (GCVE-0-2025-20261)
Vulnerability from nvd ā Published: 2025-06-04 16:17 ā Updated: 2026-02-26 18:27
VLAI?
Title
Cisco Integrated Management Controller Privilege Escalation Vulnerability
Summary
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.
This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
Severity ?
8.8 (High)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.2(1k) Affected: 4.0(4n) Affected: 4.1(3h) Affected: 4.2(1l) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.3(4b) Affected: 4.3(2f) Affected: 4.1(3n) |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.1(3l) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.1(2l) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.1(3n) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T03:55:25.941757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:36.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\r\n\r\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:17:54.028Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
}
],
"source": {
"advisory": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"defects": [
"CSCwk24502"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20261",
"datePublished": "2025-06-04T16:17:54.028Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2026-02-26T18:27:36.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20356 (GCVE-0-2024-20356)
Vulnerability from nvd ā Published: 2024-04-24 19:40 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.
Severity ?
8.7 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
3.0(1c)
Affected: 3.0(1d) Affected: 3.0(3a) Affected: 3.0(3b) Affected: 3.0(3e) Affected: 3.0(4a) Affected: 3.0(4d) Affected: 3.0(4e) Affected: 3.0(4i) Affected: 3.0(4j) Affected: 3.0(4k) Affected: 3.0(4l) Affected: 3.0(4m) Affected: 3.0(4n) Affected: 3.0(4o) Affected: 3.0(4p) Affected: 3.0(4q) Affected: 3.0(4r) Affected: 3.0(4s) Affected: 3.1(1d) Affected: 3.1(2b) Affected: 3.1(2c) Affected: 3.1(2d) Affected: 3.1(2e) Affected: 3.1(2g) Affected: 3.1(2i) Affected: 3.1(3a) Affected: 3.1(3b) Affected: 3.1(3c) Affected: 3.1(3d) Affected: 3.1(3g) Affected: 3.1(3h) Affected: 3.1(3i) Affected: 3.1(3j) Affected: 3.1(3k) Affected: 4.0(1.240) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 4.0(1c) Affected: 4.0(1d) Affected: 4.0(1e) Affected: 4.0(1g) Affected: 4.0(1h) Affected: 4.0(2c) Affected: 4.0(2d) Affected: 4.0(2f) Affected: 4.0(2g) Affected: 4.0(2h) Affected: 4.0(2i) Affected: 4.0(2k) Affected: 4.0(2l) Affected: 4.0(2m) Affected: 4.0(2n) Affected: 4.0(4b) Affected: 4.0(4c) Affected: 4.0(4d) Affected: 4.0(4e) Affected: 4.0(4f) Affected: 4.0(4h) Affected: 4.0(4i) Affected: 4.0(4j) Affected: 4.0(4k) Affected: 4.0(4l) Affected: 4.0(4m) Affected: 4.0(2o) Affected: 4.0(2p) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.0(2r) Affected: 4.1(1c) Affected: 4.1(1d) Affected: 4.1(1f) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.1(1h) Affected: 4.1(2b) Affected: 4.1(2f) Affected: 4.1(2e) Affected: 4.1(3b) Affected: 4.1(2d) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(3f) Affected: 4.1(2h) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(2l) Affected: 4.1(3g) Affected: 4.1(3h) Affected: 4.1(3i) Affected: 4.1(3l) Affected: 4.1(2m) Affected: 4.1(3m) Affected: 4.2(1a) Affected: 4.2(1b) Affected: 4.2(1c) Affected: 4.2(1e) Affected: 4.2(1f) Affected: 4.2(1g) Affected: 4.2(1i) Affected: 4.2(1j) Affected: 4.2(2a) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.2(3j) Affected: 4.3(1.230097) Affected: 4.3(1.230124) Affected: 4.3(1.230138) Affected: 4.3(2.230207) Affected: 4.3(2.230270) Affected: 4.3(2.240002) Affected: 4.3(3.240022) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
2.1.0
Affected: 2.4.0 Affected: 2.4.1 Affected: 2.4.2 Affected: 3.2.1 Affected: 3.2.2 Affected: 3.2.3 Affected: 3.2.4 Affected: 3.2.6 Affected: 3.2.7 Affected: 3.2.10 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 3.2.15 Affected: 3.1.1 Affected: 3.1.2 Affected: 3.1.3 Affected: 3.1.4 Affected: 3.1.5 Affected: 3.1.0 Affected: 3.0.1 Affected: 3.0.2 Affected: 2.3.1 Affected: 2.3.2 Affected: 2.3.3 Affected: 2.3.5 Affected: 2.2.1 Affected: 2.2.2 Affected: 2.0.0 Affected: 4.11.1 Affected: 4.12.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_computing_system_e-series:4.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system_e-series",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20356",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T17:53:52.218954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:42.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-bLuPcb",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
}
]
},
{
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T19:40:33.312Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-bLuPcb",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-bLuPcb",
"defects": [
"CSCwi43005",
"CSCwj41082",
"CSCwi43001",
"CSCwi42996"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20356",
"datePublished": "2024-04-24T19:40:33.312Z",
"dateReserved": "2023-11-08T15:08:07.648Z",
"dateUpdated": "2024-08-01T21:59:41.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20295 (GCVE-0-2024-20295)
Vulnerability from nvd ā Published: 2024-04-24 19:41 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
3.0(1c)
Affected: 3.0(1d) Affected: 3.0(2b) Affected: 3.0(3a) Affected: 3.0(3b) Affected: 3.0(3c) Affected: 3.0(3e) Affected: 3.0(3f) Affected: 3.0(4a) Affected: 3.0(4d) Affected: 3.0(4e) Affected: 3.0(4i) Affected: 3.0(4j) Affected: 3.0(4k) Affected: 3.0(4l) Affected: 3.0(4m) Affected: 3.0(4n) Affected: 3.0(4o) Affected: 3.0(4p) Affected: 3.0(4q) Affected: 3.0(4r) Affected: 3.0(4s) Affected: 2.0(10b) Affected: 2.0(10c) Affected: 2.0(10e) Affected: 2.0(10f) Affected: 2.0(10g) Affected: 2.0(10h) Affected: 2.0(10i) Affected: 2.0(10k) Affected: 2.0(10l) Affected: 2.0(12b) Affected: 2.0(12c) Affected: 2.0(12d) Affected: 2.0(12e) Affected: 2.0(12f) Affected: 2.0(12g) Affected: 2.0(12h) Affected: 2.0(12i) Affected: 2.0(13e) Affected: 2.0(13f) Affected: 2.0(13h) Affected: 2.0(13i) Affected: 2.0(13k) Affected: 2.0(13n) Affected: 2.0(13o) Affected: 2.0(13p) Affected: 2.0(13q) Affected: 2.0(1a) Affected: 2.0(1b) Affected: 2.0(3d)1 Affected: 2.0(3d)2 Affected: 2.0(3e)1 Affected: 2.0(3f)3 Affected: 2.0(3i) Affected: 2.0(3j)1 Affected: 2.0(4c) Affected: 2.0(4c)1 Affected: 2.0(6d) Affected: 2.0(6f) Affected: 2.0(8d) Affected: 2.0(8e) Affected: 2.0(8g) Affected: 2.0(8h) Affected: 2.0(9c) Affected: 2.0(9e) Affected: 2.0(9f) Affected: 2.0(9l) Affected: 2.0(9m) Affected: 2.0(9n) Affected: 2.0(9o) Affected: 2.0(9p) Affected: 3.1(1d) Affected: 3.1(2b) Affected: 3.1(2c) Affected: 3.1(2d) Affected: 3.1(2e) Affected: 3.1(2g) Affected: 3.1(2i) Affected: 3.1(3a) Affected: 3.1(3b) Affected: 3.1(3c) Affected: 3.1(3d) Affected: 3.1(3g) Affected: 3.1(3h) Affected: 3.1(3i) Affected: 3.1(3j) Affected: 3.1(3k) Affected: 4.0(1.240) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 4.0(1c) Affected: 4.0(1d) Affected: 4.0(1e) Affected: 4.0(1g) Affected: 4.0(1h) Affected: 4.0(2c) Affected: 4.0(2d) Affected: 4.0(2f) Affected: 4.0(2g) Affected: 4.0(2h) Affected: 4.0(2i) Affected: 4.0(2l) Affected: 4.0(2n) Affected: 4.0(4b) Affected: 4.0(4c) Affected: 4.0(4d) Affected: 4.0(4e) Affected: 4.0(4f) Affected: 4.0(4h) Affected: 4.0(4i) Affected: 4.0(4k) Affected: 4.0(4l) Affected: 4.0(4m) Affected: 4.0(2o) Affected: 4.0(2p) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.0(2r) Affected: 4.1(1c) Affected: 4.1(1d) Affected: 4.1(1f) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.1(1h) Affected: 4.1(2b) Affected: 4.1(2f) Affected: 4.1(2e) Affected: 4.1(3b) Affected: 4.1(2d) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(3f) Affected: 4.1(2h) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(2l) Affected: 4.1(3h) Affected: 4.1(3i) Affected: 4.1(3l) Affected: 4.2(1a) Affected: 4.2(1b) Affected: 4.2(1c) Affected: 4.2(1e) Affected: 4.2(1f) Affected: 4.2(1g) Affected: 4.2(1i) Affected: 4.2(1j) Affected: 4.2(2a) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(1.230097) Affected: 4.3(1.230124) Affected: 4.3(1.230138) Affected: 4.3(2.230207) Affected: 4.3(2.230270) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:unified_computing_system:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "4.3",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20295",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T18:37:12.600877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:08.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
}
]
},
{
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T19:41:02.339Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"defects": [
"CSCwi12864",
"CSCwi29799",
"CSCwi10842"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20295",
"datePublished": "2024-04-24T19:41:02.339Z",
"dateReserved": "2023-11-08T15:08:07.629Z",
"dateUpdated": "2024-08-01T21:59:41.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-20090 (GCVE-0-2026-20090)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:43:50.354293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:44:31.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:52.272Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60948"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20090",
"datePublished": "2026-04-01T16:34:57.753Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-22T19:09:52.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20089 (GCVE-0-2026-20089)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:44:47.477553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:45:22.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:56.418Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60944"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20089",
"datePublished": "2026-04-01T16:34:48.793Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-22T19:09:56.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20087 (GCVE-0-2026-20087)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:10
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a Affected: 4.15.5 |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:50:01.177510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:50:56.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
},
{
"status": "affected",
"version": "4.15.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:10:11.956Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60933"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20087",
"datePublished": "2026-04-01T16:34:40.865Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-22T19:10:11.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20088 (GCVE-0-2026-20088)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:34 ā Updated: 2026-04-22 19:10
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 3.2.15 Affected: 3.2.15.3 Affected: 3.2.16.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:55:03.494571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:55:20.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "3.2.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:10:02.232Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60943"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20088",
"datePublished": "2026-04-01T16:34:40.845Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-22T19:10:02.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20096 (GCVE-0-2026-20096)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:29 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
Severity ?
6.5 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:17.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:33.637Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60894"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20096",
"datePublished": "2026-04-01T16:29:03.545Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:33.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20097 (GCVE-0-2026-20097)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:29 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Remote Code Execution Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:16.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user.\u0026nbsp;This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.\r\n\r\nCisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:30.232Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60925"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20097",
"datePublished": "2026-04-01T16:29:00.607Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:30.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20094 (GCVE-0-2026-20094)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:28 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
Severity ?
8.8 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:15.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:45.612Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60021"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20094",
"datePublished": "2026-04-01T16:28:50.641Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:45.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20095 (GCVE-0-2026-20095)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:28 ā Updated: 2026-04-22 19:09
VLAI?
Title
Cisco Integrated Management Controller Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
Severity ?
6.5 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:14.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:09:41.775Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60889"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20095",
"datePublished": "2026-04-01T16:28:47.898Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-22T19:09:41.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20093 (GCVE-0-2026-20093)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:28 ā Updated: 2026-04-02 03:56
VLAI?
Title
Cisco Integrated Management Controller Authentication Bypass Vulnerability
Summary
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 4.3(6.260003) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:12.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as\u0026nbsp;Admin.\r\n\r\nThis vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an\u0026nbsp;Admin user, and gain access to the system as that user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:28:38.714Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-auth-bypass-AgG2BxTn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn"
}
],
"source": {
"advisory": "cisco-sa-cimc-auth-bypass-AgG2BxTn",
"defects": [
"CSCwq55659"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20093",
"datePublished": "2026-04-01T16:28:38.714Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-02T03:56:12.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20085 (GCVE-0-2026-20085)
Vulnerability from cvelistv5 ā Published: 2026-04-01 16:27 ā Updated: 2026-04-22 19:10
VLAI?
Title
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
4.1.1
Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:14:21.097192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:14:27.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T19:10:14.472Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60930"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20085",
"datePublished": "2026-04-01T16:27:58.940Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-22T19:10:14.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20342 (GCVE-0-2025-20342)
Vulnerability from cvelistv5 ā Published: 2025-08-27 16:23 ā Updated: 2025-08-27 17:38
VLAI?
Title
Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
2.0(1a)
Affected: 4.0(2g) Affected: 2.0(13f) Affected: 3.0(4n) Affected: 2.0(3e)1 Affected: 3.0(3e) Affected: 2.0(8h) Affected: 2.0(10g) Affected: 3.1(2i) Affected: 3.0(3c) Affected: 3.0(4m) Affected: 3.1(1d) Affected: 3.0(3a) Affected: 3.0(1d) Affected: 2.0(9o) Affected: 2.0(13n) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 2.0(13q) Affected: 2.0(3j)1 Affected: 4.0(2c) Affected: 2.0(9n) Affected: 4.0(1e) Affected: 2.0(13o) Affected: 2.0(6f) Affected: 2.0(10c) Affected: 2.0(8d) Affected: 2.0(9m) Affected: 4.0(2h) Affected: 3.0(4j) Affected: 2.0(10i) Affected: 3.0(3f) Affected: 2.0(10l) Affected: 2.0(12e) Affected: 2.0(12i) Affected: 2.0(10h) Affected: 2.0(13e) Affected: 3.0(4k) Affected: 2.0(10b) Affected: 2.0(6d) Affected: 2.0(12b) Affected: 4.0(4h) Affected: 2.0(12h) Affected: 2.0(10f) Affected: 3.0(4l) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 2.0(3i) Affected: 2.0(3f)3 Affected: 3.0(4a) Affected: 2.0(13p) Affected: 2.0(9l) Affected: 2.0(12g) Affected: 2.0(12c) Affected: 2.0(12f) Affected: 2.0(13k) Affected: 3.0(3b) Affected: 2.0(1b) Affected: 3.1(3g) Affected: 2.0(4c) Affected: 4.0(1.240) Affected: 2.0(12d) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 3.0(4d) Affected: 3.0(2b) Affected: 2.0(3d)2 Affected: 2.0(3d)1 Affected: 2.0(9f) Affected: 2.0(13h) Affected: 3.0(4e) Affected: 2.0(8g) Affected: 4.0(2i) Affected: 2.0(10e) Affected: 2.0(13i) Affected: 2.0(9c) Affected: 2.0(4c)1 Affected: 3.0(1c) Affected: 2.0(8e) Affected: 2.0(9e) Affected: 2.0(9p) Affected: 3.1(3i) Affected: 3.0(4i) Affected: 2.0(10k) Affected: 3.0(4o) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 3.0(4p) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 3.0(4q) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 3.0(4r) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 3.0(4s) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(2.250022) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 2.02 Affected: 4.00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T17:19:43.762688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T17:38:30.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.618Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk"
}
],
"source": {
"advisory": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"defects": [
"CSCwm57433"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20342",
"datePublished": "2025-08-27T16:23:18.618Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-08-27T17:38:30.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20317 (GCVE-0-2025-20317)
Vulnerability from cvelistv5 ā Published: 2025-08-27 16:23 ā Updated: 2025-08-27 18:52
VLAI?
Title
Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.
This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Severity ?
7.1 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
2.0(1a)
Affected: 4.0(2g) Affected: 2.0(13f) Affected: 3.0(4n) Affected: 2.0(3e)1 Affected: 3.0(3e) Affected: 2.0(8h) Affected: 2.0(10g) Affected: 3.1(2i) Affected: 3.0(3c) Affected: 3.0(4m) Affected: 3.1(1d) Affected: 3.0(3a) Affected: 3.0(1d) Affected: 2.0(9o) Affected: 2.0(13n) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 2.0(13q) Affected: 2.0(3j)1 Affected: 4.0(2c) Affected: 2.0(9n) Affected: 4.0(1e) Affected: 2.0(13o) Affected: 2.0(6f) Affected: 2.0(10c) Affected: 2.0(8d) Affected: 2.0(9m) Affected: 4.0(2h) Affected: 3.0(4j) Affected: 2.0(10i) Affected: 3.0(3f) Affected: 2.0(10l) Affected: 2.0(12e) Affected: 2.0(12i) Affected: 2.0(10h) Affected: 2.0(13e) Affected: 3.0(4k) Affected: 2.0(10b) Affected: 2.0(6d) Affected: 2.0(12b) Affected: 4.0(4h) Affected: 2.0(12h) Affected: 2.0(10f) Affected: 3.0(4l) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 2.0(3i) Affected: 2.0(3f)3 Affected: 3.0(4a) Affected: 2.0(13p) Affected: 2.0(9l) Affected: 2.0(12g) Affected: 2.0(12c) Affected: 2.0(12f) Affected: 2.0(13k) Affected: 3.0(3b) Affected: 2.0(1b) Affected: 3.1(3g) Affected: 2.0(4c) Affected: 4.0(1.240) Affected: 2.0(12d) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 3.0(4d) Affected: 3.0(2b) Affected: 2.0(3d)2 Affected: 2.0(3d)1 Affected: 2.0(9f) Affected: 2.0(13h) Affected: 3.0(4e) Affected: 2.0(8g) Affected: 4.0(2i) Affected: 2.0(10e) Affected: 2.0(13i) Affected: 2.0(9c) Affected: 2.0(4c)1 Affected: 3.0(1c) Affected: 2.0(8e) Affected: 2.0(9e) Affected: 2.0(9p) Affected: 3.1(3i) Affected: 3.0(4i) Affected: 2.0(10k) Affected: 3.0(4o) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 3.0(4p) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 3.0(4q) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 3.0(4r) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 3.0(4s) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(2.250022) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252002) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
3.2.7
Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 2.02 Affected: 4.00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:51:46.552039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:52:07.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.\r\n\r\nThis vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
}
],
"source": {
"advisory": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"defects": [
"CSCwm57436"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20317",
"datePublished": "2025-08-27T16:23:18.607Z",
"dateReserved": "2024-10-10T19:15:13.253Z",
"dateUpdated": "2025-08-27T18:52:07.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20261 (GCVE-0-2025-20261)
Vulnerability from cvelistv5 ā Published: 2025-06-04 16:17 ā Updated: 2026-02-26 18:27
VLAI?
Title
Cisco Integrated Management Controller Privilege Escalation Vulnerability
Summary
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.
This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
Severity ?
8.8 (High)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.2(1k) Affected: 4.0(4n) Affected: 4.1(3h) Affected: 4.2(1l) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.3(4b) Affected: 4.3(2f) Affected: 4.1(3n) |
|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.1(3l) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.1(2l) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.1(3n) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T03:55:25.941757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:36.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\r\n\r\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:17:54.028Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
}
],
"source": {
"advisory": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"defects": [
"CSCwk24502"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20261",
"datePublished": "2025-06-04T16:17:54.028Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2026-02-26T18:27:36.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20295 (GCVE-0-2024-20295)
Vulnerability from cvelistv5 ā Published: 2024-04-24 19:41 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
3.0(1c)
Affected: 3.0(1d) Affected: 3.0(2b) Affected: 3.0(3a) Affected: 3.0(3b) Affected: 3.0(3c) Affected: 3.0(3e) Affected: 3.0(3f) Affected: 3.0(4a) Affected: 3.0(4d) Affected: 3.0(4e) Affected: 3.0(4i) Affected: 3.0(4j) Affected: 3.0(4k) Affected: 3.0(4l) Affected: 3.0(4m) Affected: 3.0(4n) Affected: 3.0(4o) Affected: 3.0(4p) Affected: 3.0(4q) Affected: 3.0(4r) Affected: 3.0(4s) Affected: 2.0(10b) Affected: 2.0(10c) Affected: 2.0(10e) Affected: 2.0(10f) Affected: 2.0(10g) Affected: 2.0(10h) Affected: 2.0(10i) Affected: 2.0(10k) Affected: 2.0(10l) Affected: 2.0(12b) Affected: 2.0(12c) Affected: 2.0(12d) Affected: 2.0(12e) Affected: 2.0(12f) Affected: 2.0(12g) Affected: 2.0(12h) Affected: 2.0(12i) Affected: 2.0(13e) Affected: 2.0(13f) Affected: 2.0(13h) Affected: 2.0(13i) Affected: 2.0(13k) Affected: 2.0(13n) Affected: 2.0(13o) Affected: 2.0(13p) Affected: 2.0(13q) Affected: 2.0(1a) Affected: 2.0(1b) Affected: 2.0(3d)1 Affected: 2.0(3d)2 Affected: 2.0(3e)1 Affected: 2.0(3f)3 Affected: 2.0(3i) Affected: 2.0(3j)1 Affected: 2.0(4c) Affected: 2.0(4c)1 Affected: 2.0(6d) Affected: 2.0(6f) Affected: 2.0(8d) Affected: 2.0(8e) Affected: 2.0(8g) Affected: 2.0(8h) Affected: 2.0(9c) Affected: 2.0(9e) Affected: 2.0(9f) Affected: 2.0(9l) Affected: 2.0(9m) Affected: 2.0(9n) Affected: 2.0(9o) Affected: 2.0(9p) Affected: 3.1(1d) Affected: 3.1(2b) Affected: 3.1(2c) Affected: 3.1(2d) Affected: 3.1(2e) Affected: 3.1(2g) Affected: 3.1(2i) Affected: 3.1(3a) Affected: 3.1(3b) Affected: 3.1(3c) Affected: 3.1(3d) Affected: 3.1(3g) Affected: 3.1(3h) Affected: 3.1(3i) Affected: 3.1(3j) Affected: 3.1(3k) Affected: 4.0(1.240) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 4.0(1c) Affected: 4.0(1d) Affected: 4.0(1e) Affected: 4.0(1g) Affected: 4.0(1h) Affected: 4.0(2c) Affected: 4.0(2d) Affected: 4.0(2f) Affected: 4.0(2g) Affected: 4.0(2h) Affected: 4.0(2i) Affected: 4.0(2l) Affected: 4.0(2n) Affected: 4.0(4b) Affected: 4.0(4c) Affected: 4.0(4d) Affected: 4.0(4e) Affected: 4.0(4f) Affected: 4.0(4h) Affected: 4.0(4i) Affected: 4.0(4k) Affected: 4.0(4l) Affected: 4.0(4m) Affected: 4.0(2o) Affected: 4.0(2p) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.0(2r) Affected: 4.1(1c) Affected: 4.1(1d) Affected: 4.1(1f) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.1(1h) Affected: 4.1(2b) Affected: 4.1(2f) Affected: 4.1(2e) Affected: 4.1(3b) Affected: 4.1(2d) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(3f) Affected: 4.1(2h) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(2l) Affected: 4.1(3h) Affected: 4.1(3i) Affected: 4.1(3l) Affected: 4.2(1a) Affected: 4.2(1b) Affected: 4.2(1c) Affected: 4.2(1e) Affected: 4.2(1f) Affected: 4.2(1g) Affected: 4.2(1i) Affected: 4.2(1j) Affected: 4.2(2a) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(1.230097) Affected: 4.3(1.230124) Affected: 4.3(1.230138) Affected: 4.3(2.230207) Affected: 4.3(2.230270) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:unified_computing_system:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "4.3",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20295",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T18:37:12.600877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:08.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
}
]
},
{
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T19:41:02.339Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"defects": [
"CSCwi12864",
"CSCwi29799",
"CSCwi10842"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20295",
"datePublished": "2024-04-24T19:41:02.339Z",
"dateReserved": "2023-11-08T15:08:07.629Z",
"dateUpdated": "2024-08-01T21:59:41.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20356 (GCVE-0-2024-20356)
Vulnerability from cvelistv5 ā Published: 2024-04-24 19:40 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.
Severity ?
8.7 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
3.0(1c)
Affected: 3.0(1d) Affected: 3.0(3a) Affected: 3.0(3b) Affected: 3.0(3e) Affected: 3.0(4a) Affected: 3.0(4d) Affected: 3.0(4e) Affected: 3.0(4i) Affected: 3.0(4j) Affected: 3.0(4k) Affected: 3.0(4l) Affected: 3.0(4m) Affected: 3.0(4n) Affected: 3.0(4o) Affected: 3.0(4p) Affected: 3.0(4q) Affected: 3.0(4r) Affected: 3.0(4s) Affected: 3.1(1d) Affected: 3.1(2b) Affected: 3.1(2c) Affected: 3.1(2d) Affected: 3.1(2e) Affected: 3.1(2g) Affected: 3.1(2i) Affected: 3.1(3a) Affected: 3.1(3b) Affected: 3.1(3c) Affected: 3.1(3d) Affected: 3.1(3g) Affected: 3.1(3h) Affected: 3.1(3i) Affected: 3.1(3j) Affected: 3.1(3k) Affected: 4.0(1.240) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 4.0(1c) Affected: 4.0(1d) Affected: 4.0(1e) Affected: 4.0(1g) Affected: 4.0(1h) Affected: 4.0(2c) Affected: 4.0(2d) Affected: 4.0(2f) Affected: 4.0(2g) Affected: 4.0(2h) Affected: 4.0(2i) Affected: 4.0(2k) Affected: 4.0(2l) Affected: 4.0(2m) Affected: 4.0(2n) Affected: 4.0(4b) Affected: 4.0(4c) Affected: 4.0(4d) Affected: 4.0(4e) Affected: 4.0(4f) Affected: 4.0(4h) Affected: 4.0(4i) Affected: 4.0(4j) Affected: 4.0(4k) Affected: 4.0(4l) Affected: 4.0(4m) Affected: 4.0(2o) Affected: 4.0(2p) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.0(2r) Affected: 4.1(1c) Affected: 4.1(1d) Affected: 4.1(1f) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.1(1h) Affected: 4.1(2b) Affected: 4.1(2f) Affected: 4.1(2e) Affected: 4.1(3b) Affected: 4.1(2d) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(3f) Affected: 4.1(2h) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(2l) Affected: 4.1(3g) Affected: 4.1(3h) Affected: 4.1(3i) Affected: 4.1(3l) Affected: 4.1(2m) Affected: 4.1(3m) Affected: 4.2(1a) Affected: 4.2(1b) Affected: 4.2(1c) Affected: 4.2(1e) Affected: 4.2(1f) Affected: 4.2(1g) Affected: 4.2(1i) Affected: 4.2(1j) Affected: 4.2(2a) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.2(3j) Affected: 4.3(1.230097) Affected: 4.3(1.230124) Affected: 4.3(1.230138) Affected: 4.3(2.230207) Affected: 4.3(2.230270) Affected: 4.3(2.240002) Affected: 4.3(3.240022) |
|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) |
Affected:
2.1.0
Affected: 2.4.0 Affected: 2.4.1 Affected: 2.4.2 Affected: 3.2.1 Affected: 3.2.2 Affected: 3.2.3 Affected: 3.2.4 Affected: 3.2.6 Affected: 3.2.7 Affected: 3.2.10 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 3.2.15 Affected: 3.1.1 Affected: 3.1.2 Affected: 3.1.3 Affected: 3.1.4 Affected: 3.1.5 Affected: 3.1.0 Affected: 3.0.1 Affected: 3.0.2 Affected: 2.3.1 Affected: 2.3.2 Affected: 2.3.3 Affected: 2.3.5 Affected: 2.2.1 Affected: 2.2.2 Affected: 2.0.0 Affected: 4.11.1 Affected: 4.12.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_computing_system_e-series:4.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system_e-series",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20356",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T17:53:52.218954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:42.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-bLuPcb",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
}
]
},
{
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T19:40:33.312Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-bLuPcb",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-bLuPcb",
"defects": [
"CSCwi43005",
"CSCwj41082",
"CSCwi43001",
"CSCwi42996"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20356",
"datePublished": "2024-04-24T19:40:33.312Z",
"dateReserved": "2023-11-08T15:08:07.648Z",
"dateUpdated": "2024-08-01T21:59:41.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}