CVE-2026-20037
Privilege Escalation in Cisco UCS NX-OS CLI via Excessive Rights
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ucs_manager_software | * |
| cisco | ucs_manager_software | From 4.3(6f) (inc) |
| cisco | ucs_manager_software | 4.2 |
| cisco | ucs_manager_software | 4.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20037 is a medium-severity privilege escalation vulnerability in Cisco UCS Manager Software affecting the NX-OS CLI privilege levels.
It allows an authenticated local attacker with only read-only privileges to escalate their privileges by modifying files and performing unauthorized actions on the affected system.
The root cause is the assignment of unnecessary privileges to read-only users, enabling them to connect to the NX-OS CLI and create or overwrite files or execute limited privileged commands.
This vulnerability affects Cisco UCS Manager Software running on UCS 6400 Series, UCS 6500 Series, UCS X-Series Direct Fabric Interconnects, and 9108 100G Fabric Interconnects.
How can this vulnerability impact me?
An attacker who exploits this vulnerability could create or overwrite files in the file system or perform limited privileged actions on an affected device.
This means that even users with only read-only access could gain unauthorized capabilities, potentially compromising the integrity and confidentiality of the system.
However, according to the CVSS score, availability is not affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided for identifying this vulnerability on your network or system.
The vulnerability involves an authenticated local attacker with read-only privileges exploiting unnecessary privileges in the NX-OS CLI privilege levels of Cisco UCS Manager Software.
Detection would generally require verifying the software version and privilege configurations on affected devices.
What immediate steps should I take to mitigate this vulnerability?
Cisco strongly recommends upgrading to fixed software releases to fully remediate this vulnerability.
- Upgrade UCS Manager Software to version 4.3(6f) or later, as releases 6.0 and later are not vulnerable.
- Avoid relying on workarounds, as none are available for this vulnerability.
- Review and restrict user privileges to minimize unnecessary access, especially for read-only users.