{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20099", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.370Z", "datePublished": "2026-02-25T16:25:38.517Z", "dateUpdated": "2026-02-25T19:05:48.544Z"}, "containers": {"cna": {"title": "Cisco UCS Manager and FXOS Software Command Injection Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. \r\n\r\nThis vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of the affected device with root-level privileges."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q", "name": "cisco-sa-ucsciv-wGYtC78q"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ucsciv-wGYtC78q", "discovery": "INTERNAL", "defects": ["CSCwn02394"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "cwe", "cweId": "CWE-78"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Firepower Extensible Operating System (FXOS)", "versions": [{"version": "2.3.1.99", "status": "affected"}, {"version": "2.3.1.56", "status": "affected"}, {"version": "2.3.1.110", "status": "affected"}, {"version": "2.3.1.58", "status": "affected"}, {"version": "2.6.1.174", "status": "affected"}, {"version": "2.6.1.157", "status": "affected"}, {"version": "2.3.1.91", "status": "affected"}, {"version": "2.3.1.73", "status": "affected"}, {"version": "2.3.1.66", "status": "affected"}, {"version": "2.6.1.166", "status": "affected"}, {"version": "2.3.1.111", "status": "affected"}, {"version": "2.3.1.166", "status": "affected"}, {"version": "2.3.1.144", "status": "affected"}, {"version": "2.6.1.131", "status": "affected"}, {"version": "2.3.1.130", "status": "affected"}, {"version": "2.3.1.88", "status": "affected"}, {"version": "2.6.1.169", "status": "affected"}, {"version": "2.3.1.75", "status": "affected"}, {"version": "2.3.1.93", "status": "affected"}, {"version": "2.3.1.145", "status": "affected"}, {"version": "2.3.1.155", "status": "affected"}, {"version": "2.6.1.187", "status": "affected"}, {"version": "2.3.1.173", "status": "affected"}, {"version": "2.3.1.179", "status": "affected"}, {"version": "2.6.1.192", "status": "affected"}, {"version": "2.3.1.180", "status": "affected"}, {"version": "2.6.1.204", "status": "affected"}, {"version": "2.6.1.214", "status": "affected"}, {"version": "2.3.1.190", "status": "affected"}, {"version": "2.6.1.224", "status": "affected"}, {"version": "2.6.1.229", "status": "affected"}, {"version": "2.3.1.215", "status": "affected"}, {"version": "2.10.1.159", "status": "affected"}, {"version": "2.3.1.216", "status": "affected"}, {"version": "2.6.1.230", "status": "affected"}, {"version": "2.10.1.166", "status": "affected"}, {"version": "2.6.1.238", "status": "affected"}, {"version": "2.6.1.239", "status": "affected"}, {"version": "2.11.1.154", "status": "affected"}, {"version": "2.10.1.179", "status": "affected"}, {"version": "2.3.1.219", "status": "affected"}, {"version": "2.6.1.254", "status": "affected"}, {"version": "2.12.0.31", "status": "affected"}, {"version": "2.12.0.432", "status": "affected"}, {"version": "2.10.1.207", "status": "affected"}, {"version": "2.3.1.230", "status": "affected"}, {"version": "2.6.1.259", "status": "affected"}, {"version": "2.11.1.182", "status": "affected"}, {"version": "2.12.0.450", "status": "affected"}, {"version": "2.10.1.234", "status": "affected"}, {"version": "2.13.0.198", "status": "affected"}, {"version": "2.12.0.467", "status": "affected"}, {"version": "2.13.0.212", "status": "affected"}, {"version": "2.6.1.264", "status": "affected"}, {"version": "2.10.1.245", "status": "affected"}, {"version": "2.11.1.200", "status": "affected"}, {"version": "2.12.0.498", "status": "affected"}, {"version": "2.10.1.271", "status": "affected"}, {"version": "2.12.1.29", "status": "affected"}, {"version": "2.13.0.243", "status": "affected"}, {"version": "2.11.1.205", "status": "affected"}, {"version": "2.6.1.265", "status": "affected"}, {"version": "2.12.1.48", "status": "affected"}, {"version": "2.14.1.131", "status": "affected"}, {"version": "2.13.0.276", "status": "affected"}, {"version": "2.11.1.228", "status": "affected"}, {"version": "2.12.1.72", "status": "affected"}, {"version": "2.10.1.312", "status": "affected"}, {"version": "2.6.1.272", "status": "affected"}, {"version": "2.14.1.143", "status": "affected"}, {"version": "2.14.1.163", "status": "affected"}, {"version": "2.14.1.167", "status": "affected"}, {"version": "2.12.1.84", "status": "affected"}, {"version": "2.16.0.128", "status": "affected"}, {"version": "2.10.1.328", "status": "affected"}, {"version": "2.10.1.341", "status": "affected"}, {"version": "2.11.1.236", "status": "affected"}, {"version": "2.12.1.95", "status": "affected"}, {"version": "2.13.0.357", "status": "affected"}, {"version": "2.16.0.136", "status": "affected"}, {"version": "2.14.1.186", "status": "affected"}, {"version": "2.17.0.518", "status": "affected"}, {"version": "2.14.1.187", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software", "versions": [{"version": "9.12.2", "status": "affected"}, {"version": "9.12.1", "status": "affected"}, {"version": "9.12.3", "status": "affected"}, {"version": "9.12.4", "status": "affected"}, {"version": "9.12.3.2", "status": "affected"}, {"version": "9.12.3.12", "status": "affected"}, {"version": "9.12.2.5", "status": "affected"}, {"version": "9.12.1.2", "status": "affected"}, {"version": "9.12.2.1", "status": "affected"}, {"version": "9.12.3.7", "status": "affected"}, {"version": "9.12.2.9", "status": "affected"}, {"version": "9.12.3.9", "status": "affected"}, {"version": "9.12.1.3", "status": "affected"}, {"version": "9.12.4.2", "status": "affected"}, {"version": "9.12.4.4", "status": "affected"}, {"version": "9.12.4.7", "status": "affected"}, {"version": "9.12.4.8", "status": "affected"}, {"version": "9.12.4.10", "status": "affected"}, {"version": "9.12.4.13", "status": "affected"}, {"version": "9.12.4.18", "status": "affected"}, {"version": "9.12.4.24", "status": "affected"}, {"version": "9.16.1", "status": "affected"}, {"version": "9.12.4.26", "status": "affected"}, {"version": "9.16.1.28", "status": "affected"}, {"version": "9.12.4.29", "status": "affected"}, {"version": "9.16.2", "status": "affected"}, {"version": "9.12.4.30", "status": "affected"}, {"version": "9.16.2.3", "status": "affected"}, {"version": "9.12.4.35", "status": "affected"}, {"version": "9.16.2.7", "status": "affected"}, {"version": "9.12.4.37", "status": "affected"}, {"version": "9.17.1", "status": "affected"}, {"version": "9.16.2.11", "status": "affected"}, {"version": "9.16.2.13", "status": "affected"}, {"version": "9.12.4.39", "status": "affected"}, {"version": "9.12.4.38", "status": "affected"}, {"version": "9.16.2.14", "status": "affected"}, {"version": "9.17.1.7", "status": "affected"}, {"version": "9.12.4.40", "status": "affected"}, {"version": "9.16.3.3", "status": "affected"}, {"version": "9.16.3", "status": "affected"}, {"version": "9.17.1.9", "status": "affected"}, {"version": "9.16.3.14", "status": "affected"}, {"version": "9.12.4.41", "status": "affected"}, {"version": "9.17.1.10", "status": "affected"}, {"version": "9.18.1", "status": "affected"}, {"version": "9.12.4.47", "status": "affected"}, {"version": "9.16.3.15", "status": "affected"}, {"version": "9.18.1.3", "status": "affected"}, {"version": "9.17.1.11", "status": "affected"}, {"version": "9.12.4.48", "status": "affected"}, {"version": "9.18.2", "status": "affected"}, {"version": "9.16.3.19", "status": "affected"}, {"version": "9.17.1.13", "status": "affected"}, {"version": "9.12.4.50", "status": "affected"}, {"version": "9.17.1.15", "status": "affected"}, {"version": "9.12.4.52", "status": "affected"}, {"version": "9.16.3.23", "status": "affected"}, {"version": "9.18.2.5", "status": "affected"}, {"version": "9.16.4", "status": "affected"}, {"version": "9.12.4.54", "status": "affected"}, {"version": "9.17.1.20", "status": "affected"}, {"version": "9.18.2.7", "status": "affected"}, {"version": "9.19.1", "status": "affected"}, {"version": "9.16.4.9", "status": "affected"}, {"version": "9.12.4.55", "status": "affected"}, {"version": "9.18.2.8", "status": "affected"}, {"version": "9.16.4.14", "status": "affected"}, {"version": "9.18.3", "status": "affected"}, {"version": "9.19.1.5", "status": "affected"}, {"version": "9.12.4.56", "status": "affected"}, {"version": "9.17.1.30", "status": "affected"}, {"version": "9.19.1.9", "status": "affected"}, {"version": "9.18.3.39", "status": "affected"}, {"version": "9.16.4.19", "status": "affected"}, {"version": "9.12.4.58", "status": "affected"}, {"version": "9.19.1.12", "status": "affected"}, {"version": "9.18.3.46", "status": "affected"}, {"version": "9.16.4.27", "status": "affected"}, {"version": "9.19.1.18", "status": "affected"}, {"version": "9.18.3.53", "status": "affected"}, {"version": "9.18.3.55", "status": "affected"}, {"version": "9.16.4.38", "status": "affected"}, {"version": "9.17.1.33", "status": "affected"}, {"version": "9.12.4.62", "status": "affected"}, {"version": "9.16.4.39", "status": "affected"}, {"version": "9.18.3.56", "status": "affected"}, {"version": "9.16.4.42", "status": "affected"}, {"version": "9.19.1.22", "status": "affected"}, {"version": "9.18.4", "status": "affected"}, {"version": "9.18.4.5", "status": "affected"}, {"version": "9.19.1.24", "status": "affected"}, {"version": "9.16.4.48", "status": "affected"}, {"version": "9.18.4.8", "status": "affected"}, {"version": "9.20.2", "status": "affected"}, {"version": "9.19.1.27", "status": "affected"}, {"version": "9.12.4.65", "status": "affected"}, {"version": "9.16.4.55", "status": "affected"}, {"version": "9.18.4.22", "status": "affected"}, {"version": "9.20.2.10", "status": "affected"}, {"version": "9.16.4.57", "status": "affected"}, {"version": "9.19.1.28", "status": "affected"}, {"version": "9.17.1.39", "status": "affected"}, {"version": "9.12.4.67", "status": "affected"}, {"version": "9.18.4.24", "status": "affected"}, {"version": "9.20.2.21", "status": "affected"}, {"version": "9.16.4.61", "status": "affected"}, {"version": "9.19.1.31", "status": "affected"}, {"version": "9.18.4.29", "status": "affected"}, {"version": "9.20.2.22", "status": "affected"}, {"version": "9.16.4.62", "status": "affected"}, {"version": "9.18.4.34", "status": "affected"}, {"version": "9.20.3", "status": "affected"}, {"version": "9.16.4.67", "status": "affected"}, {"version": "9.18.4.40", "status": "affected"}, {"version": "9.16.4.71", "status": "affected"}, {"version": "9.20.3.4", "status": "affected"}, {"version": "9.18.4.47", "status": "affected"}, {"version": "9.20.3.7", "status": "affected"}, {"version": "9.17.1.45", "status": "affected"}, {"version": "9.19.1.37", "status": "affected"}, {"version": "9.16.4.76", "status": "affected"}, {"version": "9.18.4.50", "status": "affected"}, {"version": "9.20.3.10", "status": "affected"}, {"version": "9.18.4.52", "status": "affected"}, {"version": "9.20.3.13", "status": "affected"}, {"version": "9.18.4.53", "status": "affected"}, {"version": "9.16.4.82", "status": "affected"}, {"version": "9.20.3.16", "status": "affected"}, {"version": "9.19.1.42", "status": "affected"}, {"version": "9.18.4.57", "status": "affected"}, {"version": "9.16.4.84", "status": "affected"}, {"version": "9.20.3.20", "status": "affected"}, {"version": "9.20.4", "status": "affected"}, {"version": "9.20.4.7", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Unified Computing System (Managed)", "versions": [{"version": "4.0(4h)", "status": "affected"}, {"version": "4.1(1a)", "status": "affected"}, {"version": "4.0(1c)", "status": "affected"}, {"version": "4.0(4a)", "status": "affected"}, {"version": "4.0(1a)", "status": "affected"}, {"version": "4.0(1d)", "status": "affected"}, {"version": "4.1(1c)", "status": "affected"}, {"version": "4.0(2a)", "status": "affected"}, {"version": "4.0(4g)", "status": "affected"}, {"version": "4.0(2e)", "status": "affected"}, {"version": "4.0(4c)", "status": "affected"}, {"version": "4.0(4f)", "status": "affected"}, {"version": "4.0(1b)", "status": "affected"}, {"version": "4.0(2b)", "status": "affected"}, {"version": "4.0(2d)", "status": "affected"}, {"version": "4.1(1b)", "status": "affected"}, {"version": "4.0(4d)", "status": "affected"}, {"version": "4.0(4e)", "status": "affected"}, {"version": "4.0(4b)", "status": "affected"}, {"version": "4.1(2a)", "status": "affected"}, {"version": "4.1(1d)", "status": "affected"}, {"version": "4.0(4i)", "status": "affected"}, {"version": "4.1(1e)", "status": "affected"}, {"version": "4.1(2b)", "status": "affected"}, {"version": "4.0(4k)", "status": "affected"}, {"version": "4.1(3a)", "status": "affected"}, {"version": "4.1(3b)", "status": "affected"}, {"version": "4.1(2c)", "status": "affected"}, {"version": "4.0(4l)", "status": "affected"}, {"version": "4.1(4a)", "status": "affected"}, {"version": "4.1(3c)", "status": "affected"}, {"version": "4.1(3d)", "status": "affected"}, {"version": "4.2(1c)", "status": "affected"}, {"version": "4.2(1d)", "status": "affected"}, {"version": "4.0(4m)", "status": "affected"}, {"version": "4.1(3e)", "status": "affected"}, {"version": "4.2(1f)", "status": "affected"}, {"version": "4.1(3f)", "status": "affected"}, {"version": "4.2(1i)", "status": "affected"}, {"version": "4.1(3h)", "status": "affected"}, {"version": "4.2(1k)", "status": "affected"}, {"version": "4.2(1l)", "status": "affected"}, {"version": "4.0(4n)", "status": "affected"}, {"version": "4.2(1m)", "status": "affected"}, {"version": "4.1(3i)", "status": "affected"}, {"version": "4.2(2a)", "status": "affected"}, {"version": "4.2(1n)", "status": "affected"}, {"version": "4.1(3j)", "status": "affected"}, {"version": "4.2(2c)", "status": "affected"}, {"version": "4.2(2d)", "status": "affected"}, {"version": "4.2(3b)", "status": "affected"}, {"version": "4.1(3k)", "status": "affected"}, {"version": "4.0(4o)", "status": "affected"}, {"version": "4.2(2e)", "status": "affected"}, {"version": "4.2(3d)", "status": "affected"}, {"version": "4.2(3e)", "status": "affected"}, {"version": "4.2(3g)", "status": "affected"}, {"version": "4.1(3l)", "status": "affected"}, {"version": "4.3(2b)", "status": "affected"}, {"version": "4.2(3h)", "status": "affected"}, {"version": "4.2(3i)", "status": "affected"}, {"version": "4.3(2c)", "status": "affected"}, {"version": "4.1(3m)", "status": "affected"}, {"version": "4.3(2e)", "status": "affected"}, {"version": "4.3(3a)", "status": "affected"}, {"version": "4.2(3j)", "status": "affected"}, {"version": "4.3(3c)", "status": "affected"}, {"version": "4.3(4a)", "status": "affected"}, {"version": "4.2(3k)", "status": "affected"}, {"version": "4.3(4b)", "status": "affected"}, {"version": "4.3(4c)", "status": "affected"}, {"version": "4.2(3l)", "status": "affected"}, {"version": "4.3(4d)", "status": "affected"}, {"version": "4.3(2f)", "status": "affected"}, {"version": "4.2(3m)", "status": "affected"}, {"version": "4.3(5a)", "status": "affected"}, {"version": "4.3(4e)", "status": "affected"}, {"version": "4.1(3n)", "status": "affected"}, {"version": "4.3(4f)", "status": "affected"}, {"version": "4.2(3n)", "status": "affected"}, {"version": "4.3(5c)", "status": "affected"}, {"version": "4.2(3o)", "status": "affected"}, {"version": "4.3(5d)", "status": "affected"}, {"version": "4.3(6a)", "status": "affected"}, {"version": "4.3(6b)", "status": "affected"}, {"version": "4.3(5e)", "status": "affected"}, {"version": "4.2(3p)", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-02-25T16:25:38.517Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20099", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-25T18:18:19.386525Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T19:05:48.544Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. \r\n\r\nThis vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of the affected device with root-level privileges."}], "id": "CVE-2026-20099", "lastModified": "2026-02-25T17:25:27.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-02-25T17:25:27.357", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{}