ID

VAR-202606-4065


CVE

CVE-2026-20246


TITLE

Vulnerability in privilege management in Cisco Systems Umbrella Virtual Appliance

Trust: 0.8

sources: JVNDB: JVNDB-2026-020702

DESCRIPTION

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root. As a result, all information handled by the software may be leaked to external parties, all information handled by the software may be overwritten, and the software will not stop.

Trust: 1.62

sources: NVD: CVE-2026-20246 // JVNDB: JVNDB-2026-020702

AFFECTED PRODUCTS

vendor: cisco, model: umbrella virtual appliance, scope: lt, version: 3.8.5

Trust: 1.0

vendor: Cisco Systems, model: umbrella virtual appliance, scope: eq, version: 3.8.5

Trust: 0.8

vendor: Cisco Systems, model: umbrella virtual appliance, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: umbrella virtual appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-020702 // NVD: CVE-2026-20246

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20246
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2026-020702
value: MEDIUM

Trust: 0.8

psirt@cisco.com: CVE-2026-20246
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-020702
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-020702 // NVD: CVE-2026-20246

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:Improper authority management (CWE-269) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-020702 // NVD: CVE-2026-20246

PATCH

title: Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU

Trust: 0.8

sources: JVNDB: JVNDB-2026-020702

EXTERNAL IDS

db: NVD, id: CVE-2026-20246

Trust: 2.6

db: JVNDB, id: JVNDB-2026-020702

Trust: 0.8

sources: JVNDB: JVNDB-2026-020702 // NVD: CVE-2026-20246

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-priv-esc-f4wjb7au

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-20246

Trust: 0.8

sources: JVNDB: JVNDB-2026-020702 // NVD: CVE-2026-20246

SOURCES

db: JVNDB, id: JVNDB-2026-020702
db: NVD, id: CVE-2026-20246

LAST UPDATE DATE

2026-06-25T23:22:31.623000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-020702, date: 2026-06-23T01:01:00
db: NVD, id: CVE-2026-20246, date: 2026-06-22T13:24:17.140

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-020702, date: 2026-06-23T00:00:00
db: NVD, id: CVE-2026-20246, date: 2026-06-17T17:16:43.423