Cisco Integrated Management Controllers (IMC) are subject to a critical authentication bypass that allows remote attackers to seize administrative control by improperly handling password change requests.

The vulnerability stems from incorrect handling of HTTP password change requests. An unauthenticated, remote attacker can send a crafted request to bypass security checks and reset the password of any user, including the Admin account.

With a CVSS score of 9.8, the impact is severe. An attacker gaining Admin access to the IMC can control the underlying physical server, modify firmware, access data, and potentially brick the hardware, leading to catastrophic operational failure.

Immediate Action: Apply the latest firmware updates provided by Cisco for the Integrated Management Controller to patch the password handling logic.

Proactive Monitoring: Monitor web management logs for successful password changes that were not initiated by authorized personnel and check for anomalous HTTP requests.

Compensating Controls: Disable public internet access to the IMC management interface and restrict access to a dedicated, isolated management VLAN with strict ACLs.

Public Exploit Available: No

Organizations must treat this as a top-priority security event. Ensure that all Cisco IMC instances are updated immediately and that management interfaces are never exposed to untrusted networks.