Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2026041002043939 | Publication Time | 2026/04/10 14:19 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/04/10 14:19 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】 Cisco Integrated Management Controller Contains Two Critical Security Vulnerabilities |
|||
| [Content]
Forwarded from TWCERTCC-200-202604-00000004
Cisco Integrated Management Controller (IMC) is a management tool designed specifically for servers in Cisco Unified Computing System, providing remote server monitoring, configuration, and management functions. Cisco recently released a critical security advisory covering two vulnerabilities (CVE-2026-20093, CVSS: 9.8, and CVE-2026-20094, CVSS: 8.8).
CVE-2026-20093 is an Authentication Bypass vulnerability that may allow an unauthenticated remote attacker to bypass authentication and access the system with administrator privileges.
CVE-2026-20094 is a Command Injection vulnerability in the IMC web management interface that may allow an authenticated remote attacker to execute arbitrary code or commands on the affected underlying operating system and escalate privileges to root.
(Information Sharing Level: WHITE (Information content can be publicly disclosed)) |
|||
| [Affected Platform]
Cisco 5000 Series ENCS version 4.15 and earlier (inclusive) |
|||
| [Recommended Actions]
【CVE-2026-20093】 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
【CVE-2026-20094】 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10823-4db55-1.html |
|||