CVE-2026-20037: Execution with Unnecessary Privileges in Cisco Unified Computing System

Severity
4.4 MEDIUM (NVD)
EPSS
0.0%
top 96.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 25

Description

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.8 | Impact: 2.5

Affected Packages (1 package)

CVEListV5: cisco/cisco_unified_computing_system (90 versions)

🔴 Vulnerability Details (2)

CVEList: Cisco UCS Manager File Write Vulnerability (2026-02-25)
GHSA: GHSA-qwj7-2gpw-fvvg: A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges (2026-02-25)

📋 Vendor Advisories (1)

Cisco: Cisco UCS Manager Software Privilege Escalation Vulnerability (2026-02-25)