Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Network-reachable service, no auth or interaction needed (PR:N/UI:N/AC:L); improper input validation yields only device crash/reload, so A:H with C:N/I:N.
Primary rating from Vendor (cisco).
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.
The vulnerabilities tracked by CVE-2026-20153 are related to improper input validation that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-20.
AnalysisAI
Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability through improperly validated input, resulting in a high availability impact (CVSS 7.5). The flaw was internally discovered during a Cisco engineering security review and shipped in a software hardening release bundling multiple CWE-20 input-validation issues. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network access to a Cisco RoomOS device's affected input-processing service; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, user interaction, or special configuration is documented, so default-configured, network-reachable RoomOS endpoints are exposed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are mixed and warrant caution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to a Cisco RoomOS endpoint sends crafted, malformed input to a network-facing service on the device; the improper input validation causes the process to crash or the device to reload, dropping active calls and rendering the room system unavailable. Because no authentication or user interaction is required (PR:N/UI:N) and complexity is low, the attack is repeatable, but no public POC or active exploitation is currently known. |
| Remediation | Patch available per vendor advisory - upgrade Cisco RoomOS to the fixed software hardening release identified in Cisco Security Advisory cisco-sa-hardening-roomos-AqNMbEq (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq); no exact fixed version number is present in the provided data, so consult the advisory for your specific device model and release train. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Cisco RoomOS installations and restrict network access to trusted subnets where operationally feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Cisco Roomos Software
View allPrivilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-leve
Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpo
Denial of service in Cisco RoomOS software allows remote unauthenticated attackers to exhaust availability of affected c
Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over
Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where miss
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44719
GHSA-qm4f-8gwc-gx49