关键信息 Vulnerability ID: cisco-sa-intersight-privesc-p6tBm6jk CVE ID: CVE-2026-20092 CVSS Score: Base 6.0 Risk Level: Medium Affected Products: - Cisco Intersight Connected Virtual Appliance (CVA) - Cisco Intersight Private Virtual Appliance (PVA) Fixed Software: - Cisco Intersight Virtual Appliance Software 1.1.4 and later - 1.1.4-1 Source: Internal security testing Workarounds: None available Exploitation and Public Announcements: No public announcements or malicious use known Summary A vulnerability in the maintenance shell of Cisco Intersight Virtual Appliance could allow a local attacker with administrative privileges to escalate privileges to root. This is due to improper file permissions on configuration files. The advisory provides details on affected software, fixed releases, and recommends upgrading to mitigate the risk.