Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Adjacent MITM position needed (AV:A/AC:H), no auth (PR:N); missing encryption is confidentiality-dominant (C:H) with limited tamper potential (I:L) and no clear availability impact (A:N).
Primary rating from Vendor (cisco).
CVSS VectorVendor: cisco
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.
The vulnerabilities tracked by CVE-2026-20157 are related to missing encryption that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-311.
AnalysisAI
Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be on the adjacent/local network of the Cisco RoomOS endpoint (AV:A) - remote internet-based exploitation is not indicated. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.5 (High) with vector AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - no authentication or user interaction is required, but two significant limiting factors apply: the attacker must be on the adjacent network (AV:A), and attack complexity is High (AC:H), implying conditions outside the attacker's control such as achieving a man-in-the-middle position or specific timing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who gains a foothold on the same local network segment as a Cisco RoomOS endpoint (e.g., a compromised device or rogue port in a conference-room network) positions themselves to intercept traffic to or from the endpoint. By passively capturing or actively man-in-the-middling the unencrypted sensitive data, they recover confidential information and could potentially modify it. … |
| Remediation | Patch available per vendor advisory: upgrade Cisco RoomOS to the software hardening release referenced in cisco-sa-hardening-roomos-AqNMbEq (exact fixed version not specified in the provided input - confirm the target build from the advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Cisco RoomOS-based collaboration endpoints and document current network topology and segmentation boundaries. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Cisco Roomos Software
View allPrivilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-leve
Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpo
Denial of service in Cisco RoomOS software allows remote unauthenticated attackers to exhaust availability of affected c
Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over
Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability throu
Same weakness CWE-311 – Missing Encryption of Sensitive Data
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44718
GHSA-c7x8-7666-3x3f