[CIVN-2026-0039] Privilege Escalation Vulnerability in CISCO

Published On: January 24, 2026

Privilege Escalation Vulnerability in CISCO 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Cisco Intersight Connected Virtual Appliance (CVA)
Overview
A vulnerability has been reported in the read-only maintenance shell of Cisco Intersight Virtual Appliance which could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating the affected software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges.
Successful exploitation of this vulnerability could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS).
Solution
Apply appropriate updates as mentioned in the Cisco Advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
CVE Name
CVE-2026-20092
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
