CVE-2026-20246

Summary

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.

This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Umbrella Insights Virtual Appliance2.6.0affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.6affected
CiscoCisco Umbrella Insights Virtual Appliance2.5affected
CiscoCisco Umbrella Insights Virtual Appliance2.4.12affected
CiscoCisco Umbrella Insights Virtual Appliance2.7affected
CiscoCisco Umbrella Insights Virtual Appliance2.6.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.5affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.8affected
CiscoCisco Umbrella Insights Virtual Appliance2.6.1affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.7affected
CiscoCisco Umbrella Insights Virtual Appliance1.5.4affected
CiscoCisco Umbrella Insights Virtual Appliance1.5.5affected
CiscoCisco Umbrella Insights Virtual Appliance1.5.6affected
CiscoCisco Umbrella Insights Virtual Appliance2.0.0affected
CiscoCisco Umbrella Insights Virtual Appliance2.0.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.0.3affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.0affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.5affected
CiscoCisco Umbrella Insights Virtual Appliance2.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.2.1affected
CiscoCisco Umbrella Insights Virtual Appliance2.3affected
CiscoCisco Umbrella Insights Virtual Appliance2.3.1affected
CiscoCisco Umbrella Insights Virtual Appliance2.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.4.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.4.6affected
CiscoCisco Umbrella Insights Virtual Appliance2.8.9affected
CiscoCisco Umbrella Insights Virtual Appliance3.0affected
CiscoCisco Umbrella Insights Virtual Appliance3.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.8.1affected
CiscoCisco Umbrella Insights Virtual Appliance2.8.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.8.3affected
CiscoCisco Umbrella Insights Virtual Appliance2.8.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.8.5affected
CiscoCisco Umbrella Insights Virtual Appliance3.0.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.0.2affected
CiscoCisco Umbrella Insights Virtual Appliance3.0.4affected
CiscoCisco Umbrella Insights Virtual Appliance3.0.5affected
CiscoCisco Umbrella Insights Virtual Appliance3.1.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.1.2affected
CiscoCisco Umbrella Insights Virtual Appliance3.1.3affected
CiscoCisco Umbrella Insights Virtual Appliance3.1.4affected
CiscoCisco Umbrella Insights Virtual Appliance3.2.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.2.2affected
CiscoCisco Umbrella Insights Virtual Appliance3.2.3affected
CiscoCisco Umbrella Insights Virtual Appliance3.3affected
CiscoCisco Umbrella Insights Virtual Appliance3.3.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.3.2affected
CiscoCisco Umbrella Insights Virtual Appliance3.3.3affected
CiscoCisco Umbrella Insights Virtual Appliance3.3.4affected
CiscoCisco Umbrella Insights Virtual Appliance3.4affected
CiscoCisco Umbrella Insights Virtual Appliance3.4.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.4.2affected
CiscoCisco Umbrella Insights Virtual Appliance3.4.3affected
CiscoCisco Umbrella Insights Virtual Appliance3.4.4affected
CiscoCisco Umbrella Insights Virtual Appliance3.4.5affected
CiscoCisco Umbrella Insights Virtual Appliance3.4.6affected
CiscoCisco Umbrella Insights Virtual Appliance3.5affected
CiscoCisco Umbrella Insights Virtual Appliance2.7.1affected
CiscoCisco Umbrella Insights Virtual Appliance2.7.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.7.6affected
CiscoCisco Umbrella Insights Virtual Appliance2.7.9affected
CiscoCisco Umbrella Insights Virtual Appliance2.7.10affected
CiscoCisco Umbrella Insights Virtual Appliance3.5.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.5.2affected
CiscoCisco Umbrella Insights Virtual Appliance3.6.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.6.2affected
CiscoCisco Umbrella Insights Virtual Appliance3.7affected
CiscoCisco Umbrella Insights Virtual Appliance3.7.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.8.3affected

Weaknesses

  • CWE-269: Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References