CVE-2026-20092— Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-20092
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键资源的不正确权限授予
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Intersight 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Intersight是美国思科(Cisco)公司的一个应用平台。提供了智能管理级别,使 IT 组织能够以比前几代工具更先进的方式分析、简化和自动化其环境。 Cisco Intersight存在安全漏洞,该漏洞源于维护shell中系统账户配置文件权限不当,可能导致具有管理权限的本地攻击者将权限提升至root。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Intersight Virtual Appliance | 1.1.4-0 | - |
II. Public POCs for CVE-2026-20092
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-20092
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2026-01-21 · 5 CVEs total
| CVE-2026-20045 | 8.2 HIGH | Cisco Unified Communications Products Remote Code Execution Vulnerability |
| CVE-2026-20080 | 5.3 MEDIUM | Cisco IEC6400 Edge Compute Appliance SSH Denial of Service Vulnerability |
| CVE-2026-20055 | 4.8 MEDIUM | Cisco Packaged Contact Center Enterprise & Cisco Unified Contact Center Enterprise Cross-S |
| CVE-2026-20109 | 4.8 MEDIUM | Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross |
IV. Related Vulnerabilities
Same product: Cisco Intersight Virtual Appliance
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. Comments for CVE-2026-20092
No comments yet