CNNVD-202601-3417 Information

Jan 21, 2026 cve

CNNVD ID

CNNVD-202601-3417

CVE-2026-20092

CNNVD Published: 2026-01-21

Description (Chinese)

Cisco Intersight是美国思科（Cisco）公司的一个应用平台。提供了智能管理级别，使 IT 组织能够以比前几代工具更先进的方式分析、简化和自动化其环境。 Cisco Intersight存在安全漏洞，该漏洞源于维护shell中系统账户配置文件权限不当，可能导致具有管理权限的本地攻击者将权限提升至root。

Description (English)

Cisco Intersight is an application platform for Cisco Corporation. Smart management levels are provided to enable IT organizations to analyse, simplify and automate their environments in a more advanced way than previous generation tools. There is a security loophole in Cisco Intersight, which stems from the improper permission to maintain the system ’ s account configuration in shell, which may lead local assailants with management privileges to raise them to root.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

思科

Published

2026-01-21

Last Modified

2026-02-24

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk https://access.redhat.com/security/cve/cve-2026-20092

Patch

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk

Share on: