CVE-2026-20099 in Firepower Extensible Operating Systeminformazioni

Riassunto

di MITRE • 25/02/2026

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. 

This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of the affected device with root-level privileges.

Once again VulDB remains the best source for vulnerability data.

Responsabile

Cisco

Prenotare

08/10/2025

Divulgazione

25/02/2026

Moderazione

accettato

CPE

pronto

EPSS

0.00640

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!