
Cisco IMC Critical Vulnerabilities - Remote Code Execution and Privilege Escalation

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published April 1st, 2026
Detected April 2nd, 2026

Summary

CERT-Bund issued a critical security advisory (WID-SEC-2026-0953) disclosing multiple vulnerabilities in Cisco Integrated Management Controller (IMC) affecting UCS C-Series, E-Series, and S-Series servers. The vulnerabilities carry a CVSS Base Score of 9.8, enabling remote unauthenticated attackers to gain administrator privileges, execute arbitrary code with root privileges, and conduct cross-site scripting attacks. Organizations using affected Cisco products should apply patches immediately.

What changed

CERT-Bund disclosed critical vulnerabilities in Cisco Integrated Management Controller spanning multiple product lines, including UCS C-Series M5/M6, UCS E-Series M3/M6, UCS S-Series Storage Server, 5000 Series ENCS NFVIS, and Catalyst 8300 Series Edge uCPE NFVIS. The CVSS Base Score of 9.8 indicates critical severity; the CVSS Temporal Score is 8.5. Affected versions are those below a fixed-version threshold that differs by product line. The vulnerabilities allow remote attackers to gain administrator access, execute code with root privileges, and perform XSS attacks.

Organizations must immediately identify deployed Cisco IMC instances and determine which product versions are in use. Apply the latest security patches from Cisco (versions 4.3(2.260007), 6.0(1.250174), 6.0(2.260044), 3.2.17, 4.15.3, 4.15.5, 4.18.3, or 4.3(6.260017) depending on platform). Until patches are applied, restrict network access to the IMC management interface and monitor for indicators of compromise. No specific compliance deadline was stated; however, immediate action is warranted given the critical severity and remote attack vector.

What to do next

  1. Identify all deployed Cisco IMC instances and inventory affected product versions
  2. Apply Cisco security patches for affected product lines immediately
  3. Restrict network access to IMC management interfaces and monitor for exploitation attempts
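One way to carry out step 1 against a host inventory, as an added example that is not part of the advisory or of any Cisco tooling: it parses the IMC version strings quoted in this notice (both the `4.3(2.260007)` and the `3.2.17` forms) and compares each host only against the advisory threshold for its own release train, flagging hosts on a train the advisory does not list for manual review instead of marking them safe. Platform labels, hostnames and installed versions are constructed; the per-train comparison is an assumption about how the several UCS C-Series M6 thresholds should be read, not something the advisory states.

```python
import re

# Fixed-version thresholds as listed in WID-SEC-2026-0953, keyed by platform.
# The UCS C-Series M6 has one fix per release train (4.3(2.x), 6.0(1.x), 6.0(2.x)),
# so a host is compared only against the threshold of its own train (assumption).
FIXED_VERSIONS = {
    "UCS C-Series M5": ["4.3(2.260007)"],
    "UCS C-Series M6": ["4.3(2.260007)", "6.0(1.250174)", "6.0(2.260044)"],
    "UCS E-Series M3": ["3.2.17"],
    "UCS E-Series M6": ["4.15.3"],
    "ENCS 5000 NFVIS": ["4.15.5"],
    "Catalyst 8300 uCPE NFVIS": ["4.18.3"],
    "UCS S-Series Storage": ["4.3(6.260017)"],
}

def parse_version(text):
    """Turn '4.3(2.260007)' or '3.2.17' into a tuple of ints, e.g. (4, 3, 2, 260007)."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def train(version):
    """Release train = all but the last numeric component, e.g. (4, 3, 2)."""
    return version[:-1]

def assess(platform, installed):
    """Return 'fixed', 'vulnerable' or 'review' for one inventoried host."""
    inst = parse_version(installed)
    for fixed in FIXED_VERSIONS[platform]:
        fx = parse_version(fixed)
        if train(inst) == train(fx):
            return "fixed" if inst >= fx else "vulnerable"
    # No threshold for this train in the advisory: do not silently mark it safe.
    return "review"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("cimc-rack-01", "UCS C-Series M6", "4.3(2.240009)"),
    ("cimc-rack-02", "UCS C-Series M6", "6.0(2.260044)"),
    ("cimc-edge-07", "UCS E-Series M3", "3.2.9"),
    ("nfvis-br-03", "ENCS 5000 NFVIS", "4.15.5"),
    ("cimc-rack-09", "UCS C-Series M6", "4.3(1.230124)"),
]

def report(inventory=INVENTORY):
    return {host: assess(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    print(report())
```

Hosts reported as "review" sit on a release train the advisory gives no threshold for and should be checked against Cisco's own fixed-release table rather than assumed patched.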

Source document (simplified)

[WID-SEC-2026-0953] Cisco Integrated Management Controller: Multiple vulnerabilities
CVSS Base Score: 9.8 (critical)
CVSS Temporal Score: 8.5 (high)
Remote attack: yes
Date: 01.04.2026
Last updated: 02.04.2026
Mitigation: yes

Affected systems

Operating system

  • CISCO Appliance
  • Hardware Appliance

Product description

The Cisco Integrated Management Controller is a server management component for several Cisco products.

Products

01.04.2026

  • Cisco Integrated Management Controller UCS C-Series M5 Rack Server IMC <4.3(2.260007)
  • Cisco Integrated Management Controller UCS C-Series M6 Rack Server IMC <4.3(2.260007)
  • Cisco Integrated Management Controller UCS C-Series M6 Rack Server IMC <6.0(1.250174)
  • Cisco Integrated Management Controller UCS E-Series M3 IMC <3.2.17
  • Cisco Integrated Management Controller UCS E-Series M6 IMC <4.15.3
  • Cisco Integrated Management Controller Hardware Platform
  • Cisco Integrated Management Controller 5000 Series ENCS NFVIS <4.15.5
  • Cisco Integrated Management Controller Catalyst 8300 Series Edge uCPE NFVIS <4.18.3
  • Cisco Integrated Management Controller UCS C-Series M6 Rack Server IMC <6.0(2.260044)
  • Cisco Integrated Management Controller UCS S-Series Storage Server IMC <4.3(6.260017)

Attack

An attacker can exploit multiple vulnerabilities in Cisco Integrated Management Controller to gain administrator privileges, execute arbitrary code with root privileges, or conduct cross-site scripting attacks.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
April 1st, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
WID-SEC-2026-0953

Who this affects

Applies to
Government agencies; Healthcare providers; Technology companies
Industry sector
3341 Computer & Electronics Manufacturing; 5112 Software & Technology
Activity scope
Server Management; Vulnerability Management
Threshold
All versions of Cisco IMC below: 4.3(2.260007) for UCS C-Series M5/M6; 6.0(1.250174) or 6.0(2.260044) for UCS C-Series M6; 3.2.17 for UCS E-Series M3; 4.15.3 for UCS E-Series M6; 4.15.5 for ENCS NFVIS 5000 Series; 4.18.3 for Catalyst 8300 Series Edge uCPE; 4.3(6.260017) for UCS S-Series Storage
Geographic scope
Germany (DE)

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF; NIST 800-53
Topics
Data Privacy; IT Security
