CVE-2026-20037
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite files in the file system or perform limited privileged actions on an affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(2a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4h) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4g) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(2b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(2c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(4a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3h) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3j) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4o) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3g) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3h) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(3a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3j) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(3c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3o) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(6a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(6b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(6c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3p) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(6d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(6e) | affected |
Weaknesses
- CWE-250: Execution with Unnecessary Privileges
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.