Description
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system.
 
This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite files in the file system or perform limited privileged actions on an affected device.   
Published: 2026-02-25
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local File Write via Read‑Only Privileges
Action: Apply Patch
AI Analysis

Impact

The vulnerability stems from unnecessary file‑write permissions granted to users with read‑only privileges in the NX‑OS CLI of Cisco UCS Manager. An authenticated local attacker can log in as a read‑only user, connect through the CLI, and create or overwrite files on the device’s file system, potentially enabling further limited privileged actions. This weakness is a classic example of CWE‑250, where improper restriction of user privileges leads to unauthorized file modifications.

Affected Systems

The affected environment is Cisco Unified Computing System (Managed) – UCS Manager. No specific product or firmware version numbers are disclosed in the advisory, so all current UCS Manager releases may be at risk until Cisco publishes a patch.

Risk and Exploitability

The CVSS base score of 4.4 indicates a moderate impact, and the EPSS score of less than 1% shows that the probability of exploitation is very low at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated user with read‑only access and local CLI connectivity; it cannot be leveraged remotely. While the likelihood of an attack is low, the impact of unauthorized file changes could undermine system integrity and configuration management.

Generated by OpenCVE AI on April 17, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco UCS Manager firmware that addresses the file‑write privilege issue.
  • Restrict read‑only user roles to eliminate unnecessary file‑write permissions, following Cisco's recommended role‑based access controls.
  • Enable comprehensive logging and audit monitoring for CLI sessions to detect unauthorized file creation or modification.

Generated by OpenCVE AI on April 17, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco unified Computing System Manager
Vendors & Products Cisco
Cisco unified Computing System Manager

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. &nbsp; This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite files in the file system or perform limited privileged actions on an affected device.&nbsp; &nbsp;
Title Cisco UCS Manager File Write Vulnerability
Weaknesses CWE-250
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Cisco Unified Computing System Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-02-25T19:05:48.855Z

Reserved: 2025-10-08T11:59:15.353Z

Link: CVE-2026-20037

cve-icon Vulnrichment

Updated: 2026-02-25T18:17:48.760Z

cve-icon NVD

Status : Deferred

Published: 2026-02-25T17:25:25.190

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-20037

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T15:15:21Z

Weaknesses