{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20092", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.368Z", "datePublished": "2026-01-21T16:26:05.298Z", "dateUpdated": "2026-02-26T14:44:35.281Z"}, "containers": {"cna": {"title": "Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance.\r\n\r\nThis vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS)."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk", "name": "cisco-sa-intersight-privesc-p6tBm6jk"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-intersight-privesc-p6tBm6jk", "discovery": "INTERNAL", "defects": ["CSCwr55647"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect Permission Assignment for Critical Resource", "type": "cwe", "cweId": "CWE-732"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Intersight Virtual Appliance", "versions": [{"version": "1.1.4-0", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-01-21T16:26:05.298Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20092", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-22T04:55:45.398061Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:35.281Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20092", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-22T04:55:45.398061Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T16:52:21.316Z"}}], "cna": {"title": "Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability", "source": {"defects": ["CSCwr55647"], "advisory": "cisco-sa-intersight-privesc-p6tBm6jk", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Intersight Virtual Appliance", "versions": [{"status": "affected", "version": "1.1.4-0"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk", "name": "cisco-sa-intersight-privesc-p6tBm6jk"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance.\r\n\r\nThis vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-732", "description": "Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-01-21T16:26:05.298Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20092", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:35.281Z", "dateReserved": "2025-10-08T11:59:15.368Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-01-21T16:26:05.298Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance.\r\n\r\nThis vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS)."}, {"lang": "es", "value": "Una vulnerabilidad en el shell de mantenimiento de solo lectura de Cisco Intersight Virtual Appliance podr\u00eda permitir a un atacante local autenticado con privilegios administrativos elevar privilegios a root en el dispositivo virtual.\n\nEsta vulnerabilidad se debe a permisos de archivo incorrectos en los archivos de configuraci\u00f3n para las cuentas de sistema dentro del shell de mantenimiento del dispositivo virtual. Un atacante podr\u00eda explotar esta vulnerabilidad al acceder al shell de mantenimiento como administrador de solo lectura y manipular archivos de sistema para otorgar privilegios de root. Un exploit exitoso podr\u00eda permitir al atacante elevar sus privilegios a root en el dispositivo virtual y obtener control total del dispositivo, d\u00e1ndoles la capacidad de acceder a informaci\u00f3n sensible, modificar cargas de trabajo y configuraciones en el sistema host, y causar una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2026-20092", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-01-21T17:16:08.570", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T04:15:23.639073+00:00", "value": {"mitigation_remediation": ["Apply the latest Cisco Intersight Virtual Appliance security patch or upgrade to a version that corrects the file permission issue.", "Restrict access to the maintenance shell to only trusted administrators and enforce least\u2011privilege policy.", "Verify that system account configuration files have correct ownership and permissions (e.g., root:root 0640 or appropriate) and monitor for unauthorized changes.", "Conduct regular security reviews of appliance file permissions and audit logs."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation to Root"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Cisco Intersight Virtual Appliance; no specific version range is listed, so all releases that include the maintenance shell are potentially impacted.", "description_and_impact": "The read\u2011only maintenance shell of Cisco Intersight Virtual Appliance contains improperly set file permissions that let an authenticated local administrator edit configuration files for system accounts. By modifying these files the attacker can grant themselves root rights. A successful exploit would give the attacker full control over the appliance, enabling access to sensitive data, alteration of workloads and configurations, and potential denial\u2011of\u2011service conditions.", "risk_and_exploitability": "The vulnerability has a CVSS score of 6.0, indicating moderate severity. EPSS shows a probability of exploitation below 1\u202f%, suggesting that the risk in the wild is currently low. It is not listed in the CISA KEV catalog. The exploit requires the attacker to have local authenticated administrative access to the appliance, after which they can manipulate files within the maintenance shell to elevate to root."}}}}, "created": "2026-01-22T10:15:11.502231+00:00", "updated": "2026-04-18T04:30:35.820514+00:00", "vendors": ["cisco", "cisco$PRODUCT$intersight_virtual_appliance"]}