CVE-2026-5944
8.2 HIGH
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central
Published: 2026-04-28 · Last updated: 2026-05-18
Severity and scoring
- CVSS: 8.2 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
- CWE: CWE-306, CWE-862
Affected products
| Vendor | Product |
|---|---|
| cisco | intersight_device_connector |
Description
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-20245 — A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vM... (7.8 HIGH)
- CVE-2026-20233 — A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct... (6.1 MEDIUM)
- CVE-2026-20025 — A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, ad... (6.8 MEDIUM)
- CVE-2026-20016 — A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an auth... (6.0 MEDIUM)
- CVE-2026-20069 — A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Fi... (4.3 MEDIUM)
Same CWE
- CVE-2026-46645 — SQLAdmin is a flexible Admin interface for SQLAlchemy models (4.3 MEDIUM)
- CVE-2026-53634 — Sharp is a content management framework built for Laravel as a package (4.3 MEDIUM)
- CVE-2026-0272 — A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Comm...
- CVE-2026-49822 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (7.7 HIGH)
- CVE-2026-49821 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (7.7 HIGH)