Description
A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance.

This vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS).
Published: 2026-01-21
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Root
Action: Apply Patch
AI Analysis

Impact

The read‑only maintenance shell of Cisco Intersight Virtual Appliance contains improperly set file permissions that let an authenticated local administrator edit configuration files for system accounts. By modifying these files the attacker can grant themselves root rights. A successful exploit would give the attacker full control over the appliance, enabling access to sensitive data, alteration of workloads and configurations, and potential denial‑of‑service conditions.

Affected Systems

The vulnerability affects Cisco Intersight Virtual Appliance; no specific version range is listed, so all releases that include the maintenance shell are potentially impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 6.0, indicating moderate severity. EPSS shows a probability of exploitation below 1 %, suggesting that the risk in the wild is currently low. It is not listed in the CISA KEV catalog. The exploit requires the attacker to have local authenticated administrative access to the appliance, after which they can manipulate files within the maintenance shell to elevate to root.

Generated by OpenCVE AI on April 18, 2026 at 04:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Intersight Virtual Appliance security patch or upgrade to a version that corrects the file permission issue.
  • Restrict access to the maintenance shell to only trusted administrators and enforce least‑privilege policy.
  • Verify that system account configuration files have correct ownership and permissions (e.g., root:root 0640 or appropriate) and monitor for unauthorized changes.
  • Conduct regular security reviews of appliance file permissions and audit logs.

Generated by OpenCVE AI on April 18, 2026 at 04:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco intersight Virtual Appliance
Vendors & Products Cisco
Cisco intersight Virtual Appliance

Wed, 21 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 21 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to&nbsp;root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS).
Title Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability
Weaknesses CWE-732
References
Metrics cvssV3_1

{'score': 6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Cisco Intersight Virtual Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-02-26T14:44:35.281Z

Reserved: 2025-10-08T11:59:15.368Z

Link: CVE-2026-20092

cve-icon Vulnrichment

Updated: 2026-01-21T16:52:21.316Z

cve-icon NVD

Status : Deferred

Published: 2026-01-21T17:16:08.570

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-20092

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T04:30:35Z

Weaknesses