CVE-2026-20097 (GCVE-0-2026-20097)
Vulnerability from cvelistv5 – Published: 2026-04-01 16:29 – Updated: 2026-04-02 03:56
VLAI?
Title
Cisco Integrated Management Controller Remote Code Execution Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Affected:
4.0(2g)
Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(6.250039) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:16.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user.\u0026nbsp;This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.\r\n\r\nCisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:00.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60925"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20097",
"datePublished": "2026-04-01T16:29:00.607Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-02T03:56:16.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20097\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2026-04-01T17:28:30.733\",\"lastModified\":\"2026-04-01T17:28:30.733\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user.\u0026nbsp;This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.\\r\\n\\r\\nCisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt\",\"source\":\"psirt@cisco.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20097\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-01T18:18:16.945390Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-01T18:18:19.592Z\"}}], \"cna\": {\"title\": \"Cisco Integrated Management Controller Remote Code Execution Vulnerability\", \"source\": {\"defects\": [\"CSCwr60925\"], \"advisory\": \"cisco-sa-cimc-cmd-inj-3hKN3bVt\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Computing System (Standalone)\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0(2g)\"}, {\"status\": \"affected\", \"version\": \"3.1(2i)\"}, {\"status\": \"affected\", \"version\": \"3.1(1d)\"}, {\"status\": \"affected\", \"version\": \"4.0(4i)\"}, {\"status\": \"affected\", \"version\": \"4.1(1c)\"}, {\"status\": \"affected\", \"version\": \"4.0(2c)\"}, {\"status\": \"affected\", \"version\": \"4.0(1e)\"}, {\"status\": \"affected\", \"version\": \"4.0(2h)\"}, {\"status\": \"affected\", \"version\": \"4.0(4h)\"}, {\"status\": \"affected\", \"version\": \"4.0(1h)\"}, {\"status\": \"affected\", \"version\": \"4.0(2l)\"}, {\"status\": \"affected\", \"version\": \"3.1(3g)\"}, {\"status\": \"affected\", \"version\": \"4.0(1.240)\"}, {\"status\": \"affected\", \"version\": \"4.0(2f)\"}, {\"status\": \"affected\", \"version\": \"4.0(1g)\"}, {\"status\": \"affected\", \"version\": \"4.0(2i)\"}, {\"status\": \"affected\", \"version\": \"3.1(3i)\"}, {\"status\": \"affected\", \"version\": \"4.0(4d)\"}, {\"status\": \"affected\", \"version\": \"4.1(1d)\"}, {\"status\": \"affected\", \"version\": \"3.1(3c)\"}, {\"status\": \"affected\", \"version\": \"4.0(4k)\"}, {\"status\": \"affected\", \"version\": \"3.1(2d)\"}, {\"status\": \"affected\", \"version\": \"3.1(3a)\"}, {\"status\": \"affected\", \"version\": \"3.1(3j)\"}, {\"status\": \"affected\", \"version\": \"4.0(2d)\"}, {\"status\": \"affected\", \"version\": \"4.1(1f)\"}, {\"status\": \"affected\", \"version\": \"4.0(1c)\"}, {\"status\": \"affected\", \"version\": \"4.0(4f)\"}, {\"status\": \"affected\", \"version\": \"4.0(4c)\"}, {\"status\": \"affected\", \"version\": \"3.1(3d)\"}, {\"status\": \"affected\", \"version\": \"3.1(2g)\"}, {\"status\": \"affected\", \"version\": \"3.1(2c)\"}, {\"status\": \"affected\", \"version\": \"4.0(1d)\"}, {\"status\": \"affected\", \"version\": \"3.1(2e)\"}, {\"status\": \"affected\", \"version\": \"4.0(1a)\"}, {\"status\": \"affected\", \"version\": \"4.0(1b)\"}, {\"status\": \"affected\", \"version\": \"3.1(3b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4b)\"}, {\"status\": \"affected\", \"version\": \"3.1(2b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4e)\"}, {\"status\": \"affected\", \"version\": \"3.1(3h)\"}, {\"status\": \"affected\", \"version\": \"4.0(4l)\"}, {\"status\": \"affected\", \"version\": \"4.1(1g)\"}, {\"status\": \"affected\", \"version\": \"4.1(2a)\"}, {\"status\": \"affected\", \"version\": \"4.0(2n)\"}, {\"status\": \"affected\", \"version\": \"4.1(1h)\"}, {\"status\": \"affected\", \"version\": \"3.1(3k)\"}, {\"status\": \"affected\", \"version\": \"4.1(2b)\"}, {\"status\": \"affected\", \"version\": \"4.0(2o)\"}, {\"status\": \"affected\", \"version\": \"4.0(4m)\"}, {\"status\": \"affected\", \"version\": \"4.1(2d)\"}, {\"status\": \"affected\", \"version\": \"4.1(3b)\"}, {\"status\": \"affected\", \"version\": \"4.0(2p)\"}, {\"status\": \"affected\", \"version\": \"4.1(2e)\"}, {\"status\": \"affected\", \"version\": \"4.1(2f)\"}, {\"status\": \"affected\", \"version\": \"4.0(4n)\"}, {\"status\": \"affected\", \"version\": \"4.0(2q)\"}, {\"status\": \"affected\", \"version\": \"4.1(3c)\"}, {\"status\": \"affected\", \"version\": \"4.0(2r)\"}, {\"status\": \"affected\", \"version\": \"4.1(3d)\"}, {\"status\": \"affected\", \"version\": \"4.1(2g)\"}, {\"status\": \"affected\", \"version\": \"4.1(2h)\"}, {\"status\": \"affected\", \"version\": \"4.1(3f)\"}, {\"status\": \"affected\", \"version\": \"4.1(2j)\"}, {\"status\": \"affected\", \"version\": \"4.1(2k)\"}, {\"status\": \"affected\", \"version\": \"4.1(3h)\"}, {\"status\": \"affected\", \"version\": \"4.2(2a)\"}, {\"status\": \"affected\", \"version\": \"4.1(3i)\"}, {\"status\": \"affected\", \"version\": \"4.2(2f)\"}, {\"status\": \"affected\", \"version\": \"4.2(2g)\"}, {\"status\": \"affected\", \"version\": \"4.2(3b)\"}, {\"status\": \"affected\", \"version\": \"4.1(3l)\"}, {\"status\": \"affected\", \"version\": \"4.2(3d)\"}, {\"status\": \"affected\", \"version\": \"4.3(1.230097)\"}, {\"status\": \"affected\", \"version\": \"4.2(1e)\"}, {\"status\": \"affected\", \"version\": \"4.2(1b)\"}, {\"status\": \"affected\", \"version\": \"4.2(1j)\"}, {\"status\": \"affected\", \"version\": \"4.2(1i)\"}, {\"status\": \"affected\", \"version\": \"4.2(1f)\"}, {\"status\": \"affected\", \"version\": \"4.2(1a)\"}, {\"status\": \"affected\", \"version\": \"4.2(1c)\"}, {\"status\": \"affected\", \"version\": \"4.2(1g)\"}, {\"status\": \"affected\", \"version\": \"4.3(1.230124)\"}, {\"status\": \"affected\", \"version\": \"4.1(2l)\"}, {\"status\": \"affected\", \"version\": \"4.2(3e)\"}, {\"status\": \"affected\", \"version\": \"4.3(1.230138)\"}, {\"status\": \"affected\", \"version\": \"4.2(3g)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.230207)\"}, {\"status\": \"affected\", \"version\": \"4.2(3h)\"}, {\"status\": \"affected\", \"version\": \"4.2(3i)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.230270)\"}, {\"status\": \"affected\", \"version\": \"4.1(3m)\"}, {\"status\": \"affected\", \"version\": \"4.1(2m)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.240002)\"}, {\"status\": \"affected\", \"version\": \"4.3(3.240022)\"}, {\"status\": \"affected\", \"version\": \"4.2(3j)\"}, {\"status\": \"affected\", \"version\": \"4.1(3n)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.240009)\"}, {\"status\": \"affected\", \"version\": \"4.3(3.240043)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.240142)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.240037)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.240053)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.240152)\"}, {\"status\": \"affected\", \"version\": \"4.2(3l)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.240077)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.242028)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.241063)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.242038)\"}, {\"status\": \"affected\", \"version\": \"4.2(3m)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.240090)\"}, {\"status\": \"affected\", \"version\": \"4.3(5.240021)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.240107)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.242066)\"}, {\"status\": \"affected\", \"version\": \"4.2(3n)\"}, {\"status\": \"affected\", \"version\": \"4.3(5.250001)\"}, {\"status\": \"affected\", \"version\": \"4.2(3o)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.250016)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.250021)\"}, {\"status\": \"affected\", \"version\": \"4.3(5.250030)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.250022)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.250040)\"}, {\"status\": \"affected\", \"version\": \"4.3(5.250033)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.250044)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.250053)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.250037)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.250045)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.252001)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.252002)\"}, {\"status\": \"affected\", \"version\": \"6.0(1.250127)\"}, {\"status\": \"affected\", \"version\": \"4.2(3p)\"}, {\"status\": \"affected\", \"version\": \"6.0(1.250131)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.250101)\"}, {\"status\": \"affected\", \"version\": \"6.0(1.250174)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.250117)\"}, {\"status\": \"affected\", \"version\": \"4.3(5.250043)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.250039)\"}, {\"status\": \"affected\", \"version\": \"4.3(5.250045)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.250060)\"}, {\"status\": \"affected\", \"version\": \"6.0(1.250130)\"}, {\"status\": \"affected\", \"version\": \"4.3(4.241014)\"}, {\"status\": \"affected\", \"version\": \"4.3(2.250063)\"}, {\"status\": \"affected\", \"version\": \"6.0(1.250192)\"}, {\"status\": \"affected\", \"version\": \"4.3(6.260003)\"}, {\"status\": \"affected\", \"version\": \"6.0(1.250194)\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt\", \"name\": \"cisco-sa-cimc-cmd-inj-3hKN3bVt\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user.\u0026nbsp;This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.\\r\\n\\r\\nCisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-787\", \"description\": \"Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-04-01T16:29:00.607Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20097\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T03:56:16.248Z\", \"dateReserved\": \"2025-10-08T11:59:15.369Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-04-01T16:29:00.607Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…