{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T08:24:29.723","vulnerabilities":[{"cve":{"id":"CVE-2026-20092","sourceIdentifier":"psirt@cisco.com","published":"2026-01-21T17:16:08.570","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance.\r\n\r\nThis vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to&nbsp;root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS)."},{"lang":"es","value":"Una vulnerabilidad en el shell de mantenimiento de solo lectura de Cisco Intersight Virtual Appliance podría permitir a un atacante local autenticado con privilegios administrativos elevar privilegios a root en el dispositivo virtual.\n\nEsta vulnerabilidad se debe a permisos de archivo incorrectos en los archivos de configuración para las cuentas de sistema dentro del shell de mantenimiento del dispositivo virtual. Un atacante podría explotar esta vulnerabilidad al acceder al shell de mantenimiento como administrador de solo lectura y manipular archivos de sistema para otorgar privilegios de root. Un exploit exitoso podría permitir al atacante elevar sus privilegios a root en el dispositivo virtual y obtener control total del dispositivo, dándoles la capacidad de acceder a información sensible, modificar cargas de trabajo y configuraciones en el sistema host, y causar una denegación de servicio (DoS)."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk","source":"psirt@cisco.com"}]}}]}