Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
Description
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco IMC Supervisor, UCS Director, and UCS Director Express for Big Data ship with a documented default account (scpuser) that has an undocumented default password, allowing unauthenticated remote attackers to execute arbitrary commands.
Vulnerability
The vulnerability resides in the Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. A documented default account named scpuser exists in these products with an undocumented default password, and the default password is not enforced to be changed during installation. This allows an unauthenticated, remote attacker to log in to the CLI of an affected system using the scpuser account. The affected versions are those prior to the fixed releases provided by Cisco [1].
Exploitation
An attacker can exploit this vulnerability by using the scpuser account with its default credentials to log in to the CLI of an affected system remotely. No authentication or prior access is required. The attacker only needs network access to the target system's CLI interface. Once logged in, the attacker can execute commands with the privileges of the scpuser account [1].
Impact
A successful exploit grants the attacker the ability to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database, potentially leading to complete compromise of the affected system's data and configuration. The impact is severe, as it allows unauthorized access and control over critical infrastructure management components [1].
Mitigation
Cisco has released free software updates to address this vulnerability. Customers are advised to upgrade to the fixed versions as soon as possible. The fixed releases are available through the Cisco Software Center. For customers without service contracts, contact the Cisco TAC. There are no workarounds listed; changing the default password manually is recommended but not enforced. The vulnerability is not listed on the CISA KEV as of the publication date [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercredmitrevendor-advisoryx_refsource_CISCO
- packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/Aug/36mitremailing-listx_refsource_FULLDISC
- seclists.org/bugtraq/2019/Aug/49mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.