Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information.
AnalysisAI
Cisco Meraki devices running vulnerable IOS XE Software transmit configuration data over unencrypted channels, enabling remote attackers to intercept sensitive device information through on-path attacks. The vulnerability requires user interaction and network proximity but carries no patch availability, leaving affected organizations exposed until remediation is implemented. This affects both Cisco and Apple products integrating the vulnerable software.
Technical ContextAI
This vulnerability is rooted in CWE-319 (Cleartext Transmission of Sensitive Information), where Cisco IOS XE Software (CPE: cpe:2.3:a:cisco:cisco_ios_xe_software) fails to encrypt configuration upload traffic to the Cisco Meraki Dashboard management interface. The affected technology involves the Meraki cloud management protocol used by Cisco IOS XE-based devices to synchronize device configurations. Rather than using encrypted tunnels (TLS/SSL) for all sensitive data in transit, the device sends configuration data over an insecure channel, permitting on-path attackers to passively intercept and read plaintext or weakly-protected configuration payloads containing credentials, network topology, and operational parameters.
RemediationAI
Upgrade affected Cisco IOS XE Software to a patched version released after the advisory date, following the specific fixed versions listed in the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEB. As an interim mitigation, restrict network access to the Meraki Dashboard by implementing network segmentation and firewall rules that limit device-to-dashboard communication to trusted, encrypted channels only; additionally, enforce TLS 1.2 or higher for all Meraki management connections and monitor for suspicious on-path traffic patterns using network intrusion detection systems tuned to detect cleartext configuration transmissions. For organizations unable to immediately patch, consider disabling automatic configuration uploads until the device can be updated.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15447