Skip to main content

Cisco CVE-2026-20115

| EUVDEUVD-2026-15447 MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2026-03-25 cisco
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:16 euvd
EUVD-2026-15447
Analysis Generated
Mar 25, 2026 - 16:16 vuln.today
CVE Published
Mar 25, 2026 - 16:08 nvd
MEDIUM 6.1

DescriptionCVE.org

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information.

AnalysisAI

Cisco Meraki devices running vulnerable IOS XE Software transmit configuration data over unencrypted channels, enabling remote attackers to intercept sensitive device information through on-path attacks. The vulnerability requires user interaction and network proximity but carries no patch availability, leaving affected organizations exposed until remediation is implemented. This affects both Cisco and Apple products integrating the vulnerable software.

Technical ContextAI

This vulnerability is rooted in CWE-319 (Cleartext Transmission of Sensitive Information), where Cisco IOS XE Software (CPE: cpe:2.3:a:cisco:cisco_ios_xe_software) fails to encrypt configuration upload traffic to the Cisco Meraki Dashboard management interface. The affected technology involves the Meraki cloud management protocol used by Cisco IOS XE-based devices to synchronize device configurations. Rather than using encrypted tunnels (TLS/SSL) for all sensitive data in transit, the device sends configuration data over an insecure channel, permitting on-path attackers to passively intercept and read plaintext or weakly-protected configuration payloads containing credentials, network topology, and operational parameters.

RemediationAI

Upgrade affected Cisco IOS XE Software to a patched version released after the advisory date, following the specific fixed versions listed in the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEB. As an interim mitigation, restrict network access to the Meraki Dashboard by implementing network segmentation and firewall rules that limit device-to-dashboard communication to trusted, encrypted channels only; additionally, enforce TLS 1.2 or higher for all Meraki management connections and monitor for suspicious on-path traffic patterns using network intrusion detection systems tuned to detect cleartext configuration transmissions. For organizations unable to immediately patch, consider disabling automatic configuration uploads until the device can be updated.

Share

CVE-2026-20115 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy