CVE-2026-20092
Privilege Escalation via Misconfigured Permissions in Cisco Intersight Appliance
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | intersight_connected_virtual_appliance | to 1.1.4|start_including=1.1.5 (exc) |
| cisco | intersight_private_virtual_appliance | to 1.1.4|start_including=1.1.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a privilege escalation issue in the read-only maintenance shell of the Cisco Intersight Virtual Appliance. An authenticated local attacker with administrative privileges can exploit improper file permissions on configuration files to elevate their privileges to root. By accessing the maintenance shell as a read-only administrator and manipulating system files, the attacker can gain full control over the virtual appliance. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to gain root privileges on the virtual appliance, giving them full control. This includes access to sensitive information, the ability to modify workloads and configurations on the host system, and the potential to cause a denial of service (DoS). [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the Cisco Intersight Virtual Appliance software to a fixed version. Versions 1.1.4 and 1.1.4-1 are vulnerable, while versions 1.1.3 and earlier, as well as 1.1.5 and later, are not vulnerable. Cisco Intersight Connected Virtual Appliance (CVA) will be upgraded automatically, but Cisco Intersight Private Virtual Appliance (PVA) users must manually upgrade via the Cisco Intersight website. There are no workarounds or other mitigations available, so upgrading to a fixed release is strongly recommended to fully remediate the vulnerability. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could impact compliance with standards such as GDPR and HIPAA because it allows an attacker to gain root access to the virtual appliance, potentially leading to unauthorized access to sensitive information and modification of workloads and configurations. Such unauthorized access and data exposure could violate data protection and privacy requirements mandated by these regulations. Therefore, failure to remediate this vulnerability may result in non-compliance with these standards. [1]