EIP-2026-101200

PRE-CVE

Cisco Ironport Appliances - Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101200. PoCs published by Glafkos Charalambous.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in Cisco IronPort appliances. By enabling the Service Account with a temporary password and the appliance's serial number, an attacker can generate a root password using a weak algorithm, allowing full root access.

Description

Cisco Ironport Appliances - Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by Glafkos Charalambous · textremotehardware

https://www.exploit-db.com/exploits/35887

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in Cisco IronPort appliances. By enabling the Service Account with a temporary password and the appliance's serial number, an attacker can generate a root password using a weak algorithm, allowing full root access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Cisco IronPort ESA (AsyncOS 8.5.5-280), WSA (AsyncOS 8.0.5-075), SMA (AsyncOS 8.3.6-0)

Auth required

Prerequisites: Authenticated access to the appliance · Ability to enable the Service Account · Knowledge of the appliance's serial number

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026