CVE-2026-20246

MEDIUM EPSS 1.2%

Published Jun 17, 20261w ago · Modified Jun 22, 20261w ago

6.0 CVSS 3.1

Medium

Published Jun 17, 2026 1w ago

Last Modified Jun 22, 2026 1w ago

Description

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.

CVSS Details

Base Score

6.0

Exploitability

0.8

Impact

5.2

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

1.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

Affected Products 1

Vendor	Product	Version	Range
cisco	umbrella_virtual_appliance	*	<3.8.5

References 1

sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.