Cisco Integrated Management Controller Authentication Bypass Vulnerability Allowing Unauthorized Access as Admin

Vulnerability

An authentication bypass vulnerability has been identified in the password change functionality of Cisco Integrated Management Controller (IMC). This issue allows an unauthenticated, remote attacker to gain access to the system as an Admin user. The vulnerability arises from improper handling of password change requests, enabling attackers to send crafted HTTP requests that bypass authentication and modify passwords for any user, including Admin.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the system as an Admin user, allowing the attacker to manipulate user accounts and potentially access sensitive system functions or data.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading to the fixed releases are available in the Cisco Security Advisory related to this vulnerability.

Added: Apr 1, 2026, 6:05 PM
Updated: Apr 1, 2026, 6:05 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 5.0
exploitability: 7.8
remediation: 8.3
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.