Cisco Integrated Management Controller
cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*
- <= 4.2
- <= 3.2
- <= 4.15
A remote code execution vulnerability has been identified in the web-based management interface of Cisco Integrated Management Controller (IMC) for UCS C-Series M5 and M6 Rack Servers in standalone mode, as well as UCS E-Series M6 Servers. An authenticated, remote attacker who already holds admin-level privileges on the IMC can execute arbitrary code on the IMC's underlying operating system as the root user. The flaw is improper validation of user-supplied input and is triggered by sending crafted HTTP requests to the affected device's web interface. The privilege requirement is high, but the IMC is the server's baseboard management controller and runs independently of the host operating system, so root on the IMC is a foothold beneath the host OS rather than just another administrative account.
Successful exploitation gives the attacker root-level command execution on the IMC itself, outside the visibility and controls of the host operating system.
Cisco has released software updates to address this vulnerability. For UCS C-Series M6 Rack Servers the first fixed release is 6.0(2.260044), listed as available in April 2026; for UCS C-Series M5 Rack Servers the first fixed release is 4.3(2.260007). No fixed release for the UCS E-Series M6 is given here. Upgrade instructions are in the Cisco Host Upgrade Utility User Guide. Until the fix is applied, keep the IMC web interface reachable only from a dedicated management network and keep the number of admin-level IMC accounts to a minimum, since the vulnerability requires one.
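The following is an added example, not Cisco's tooling or part of this advisory: a small Python triage script that parses Cisco IMC version strings in the "major.minor(build)" form used above (e.g. "4.3(2.260007)", and the older "4.2(3b)" style) and flags inventory rows that are still below the first fixed release for their platform. The platform-to-fixed-release mapping is taken from the text above; the hostnames and versions in the sample inventory are constructed, and platforms with no fixed release on this page are reported as unknown rather than silently treated as patched.

```python
"""Flag Cisco IMC inventory entries that are still below the first fixed release.

Added example, not Cisco's own tooling. Version strings follow the Cisco IMC
"major.minor(build)" form, e.g. "4.3(2.260007)" or "4.2(3b)". The mapping of
platform to first fixed release is taken from the advisory text; the
inventory rows below are constructed sample data, not real hosts.
"""
import re
from typing import List, Optional, Tuple

# First fixed release per platform, as stated in the advisory text.
# None means the page lists no fixed release for that platform.
FIRST_FIXED = {
    "UCS C-Series M5": "4.3(2.260007)",
    "UCS C-Series M6": "6.0(2.260044)",
    "UCS E-Series M6": None,
}

# "4.3(2.260007)" -> release "4.3", build "2.260007"; the build part is optional.
_VERSION_RE = re.compile(r"^\s*([0-9a-z.]+?)(?:\(([0-9a-z.]+)\))?\s*$")
# Each dot-separated token is digits with an optional letter suffix ("3b").
_TOKEN_RE = re.compile(r"^(\d+)([a-z]*)$")

VersionKey = Tuple[Tuple[int, str], ...]


def parse_version(text: str) -> VersionKey:
    """Turn "4.3(2.260007)" into ((4,''),(3,''),(2,''),(260007,'')).

    Tuples compare element-wise, so a release with no build number sorts
    before any build of the same major.minor; that is the conservative
    direction for an "is this patched?" check (unknown build => not fixed).
    """
    m = _VERSION_RE.match(text.lower())
    if not m:
        raise ValueError(f"unrecognised IMC version string: {text!r}")
    release, build = m.group(1), m.group(2)
    tokens = release.split(".") + (build.split(".") if build else [])
    parsed = []
    for tok in tokens:
        tm = _TOKEN_RE.match(tok)
        if not tm:
            raise ValueError(f"unrecognised version token {tok!r} in {text!r}")
        parsed.append((int(tm.group(1)), tm.group(2)))
    return tuple(parsed)


def is_fixed(platform: str, version: str) -> Optional[bool]:
    """True if `version` is at or above the first fixed release for `platform`.

    Returns None when the advisory lists no fixed release for the platform,
    so a caller cannot mistake "unknown" for "patched".
    """
    fixed = FIRST_FIXED.get(platform)
    if fixed is None:
        return None
    return parse_version(version) >= parse_version(fixed)


# Constructed sample inventory: (hostname, platform, running IMC version).
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("imc-c220-m5-01", "UCS C-Series M5", "4.2(3b)"),
    ("imc-c240-m5-02", "UCS C-Series M5", "4.3(2.260007)"),
    ("imc-c220-m6-03", "UCS C-Series M6", "4.3(4.250020)"),
    ("imc-c240-m6-04", "UCS C-Series M6", "6.0(2.260044)"),
    ("imc-e-m6-05", "UCS E-Series M6", "4.12(1.240073)"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return one (host, platform, version, status) row per inventory entry."""
    labels = {True: "fixed", False: "AFFECTED", None: "no fix listed"}
    return [
        (host, platform, version, labels[is_fixed(platform, version)])
        for host, platform, version in inventory
    ]


if __name__ == "__main__":
    for host, platform, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:16} {platform:17} {version:16} {status}")
```

Feed it whatever inventory source you already have for IMC firmware versions. The check is deliberately one-sided: anything that does not compare at or above the first fixed release for its platform is reported as affected, so if Cisco later publishes a fix in an earlier release train, update FIRST_FIXED rather than trusting the script's silence.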