Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
Description
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated, remote attacker can bypass authentication in Cisco IMC Supervisor, UCS Director, and UCS Director Express for Big Data to gain full administrative access.
Vulnerability
The vulnerability resides in the web-based management interface of Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. It is caused by insufficient validation of request headers during the authentication process. Affected versions include Cisco IMC Supervisor prior to 2.1.0.0, Cisco UCS Director prior to 6.7.1.0, and Cisco UCS Director Express for Big Data prior to 3.7.1.0 [1].
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability by sending a series of specially crafted requests to the affected device. No prior authentication or user interaction is required. The attacker manipulates request headers to bypass the authentication mechanism [1].
Impact
Successful exploitation grants the attacker full administrative access to the affected device. This results in a complete compromise of confidentiality, integrity, and availability, allowing the attacker to execute arbitrary commands, modify configurations, and access sensitive data [1].
Mitigation
Cisco has released free software updates to address this vulnerability. The fixed versions are Cisco IMC Supervisor 2.1.0.0, Cisco UCS Director 6.7.1.0, and Cisco UCS Director Express for Big Data 3.7.1.0. Customers should upgrade to these releases as detailed in the Cisco Security Advisory [1]. No workarounds are available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: unspecified
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass (mitre, vendor-advisory, x_refsource_CISCO)