CVE-2026-20037
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2Tags
Description
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite files in the file system or perform limited privileged actions on an affected device.
Analysis
Cisco UCS Manager NX-OS CLI improperly grants excessive privileges to read-only users, allowing authenticated local attackers to modify files and execute privileged actions on affected systems. An attacker with read-only credentials can exploit this privilege escalation to create, overwrite files, or perform limited administrative operations. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today