EUVD-2026-17957
GHSA-2cwq-r4f6-rjgw
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3Tags
Description
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
Analysis
Cisco Nexus Dashboard Insights metadata update feature allows authenticated administrators to write arbitrary files to the system with root privileges through path traversal in insufficiently validated metadata files. An attacker with valid administrative credentials can craft and manually upload a malicious metadata file to achieve arbitrary file write access to the underlying operating system. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today