4.4

Cisco UCS Manager Software: Unauthorized Access to Files by Read-Only Users

CVE-2026-20037
Summary

Cisco UCS Manager Software has a security issue that could let a read-only user modify files and perform unauthorized actions on a device. An attacker could exploit it by logging in with a read-only account and using the command-line interface. To fix this, ensure that users with read-only access are not able to escalate their privileges.

Original title
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actio...
Original description
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system.
 
This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite files in the file system or perform limited privileged actions on an affected device.   
nvd CVSS3.1 4.4
Vulnerability type
CWE-250
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026