Skip to main content

Cisco CVE-2026-20083

| EUVDEUVD-2026-15429 MEDIUM
Improper Handling of Extra Parameters (CWE-235)
2026-03-25 cisco GHSA-74wh-qxxr-jvr4
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:16 euvd
EUVD-2026-15429
Analysis Generated
Mar 25, 2026 - 16:16 vuln.today
CVE Published
Mar 25, 2026 - 16:07 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An attacker could exploit this vulnerability by issuing a crafted command through SSH. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.

AnalysisAI

Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.

Technical ContextAI

The vulnerability resides in the SCP server feature of Cisco IOS XE Software, a network operating system used in enterprise routing and switching infrastructure. SCP (Secure Copy Protocol) is a legacy file transfer protocol that runs over SSH and is commonly used for device management and configuration backup. The root cause is classified under CWE-235 (Improper Handling of Incorrect Relation in Data), indicating that the SCP request parser fails to properly validate or handle malformed protocol messages. When a crafted SCP command is issued through an SSH session, the vulnerable code path does not correctly process the invalid input, leading to an unhandled exception or memory corruption that forces a device reload. The CPE identifier cpe:2.3:a:cisco:cisco_ios_xe_software confirms this affects the core Cisco IOS XE software distribution across multiple hardware platforms.

RemediationAI

The primary remediation is to upgrade Cisco IOS XE Software to a patched version when released by Cisco; consult the official Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scp-dos-duAdXtCg) for the specific target version for your hardware platform and release train. Until patched versions are available or deployed, implement the following compensating controls: (1) Disable the SCP server feature on the device using the no ip scp server enable command if SCP is not required for operational automation; (2) Restrict SSH access to the device using access control lists (ACLs) or firewall rules to limit connectivity to known management workstations and jump hosts; (3) Use AAA authentication with strong credentials and audit SSH login attempts to detect unauthorized access attempts; (4) Monitor device reload events and set up alerts for unexpected reloads that may indicate exploitation attempts. Organizations unable to disable SCP should prioritize patching in their change management process, as this vulnerability can be exploited by any authenticated SSH user with low privileges.

Share

CVE-2026-20083 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy