Skip to main content

Cisco RoomOS CVE-2026-20157

| EUVDEUVD-2026-44718 HIGH
Missing Encryption of Sensitive Data (CWE-311)
2026-07-15 cisco GHSA-c7x8-7666-3x3f
7.5
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
7.5 HIGH
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
5.9 MEDIUM

Adjacent MITM position needed (AV:A/AC:H), no auth (PR:N); missing encryption is confidentiality-dominant (C:H) with limited tamper potential (I:L) and no clear availability impact (A:N).

3.1 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
4.0 AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cisco).

CVSS VectorVendor: cisco

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 15, 2026 - 16:47 vuln.today
CVE Published
Jul 15, 2026 - 16:18 cve.org
HIGH 7.5

DescriptionCVE.org

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.

The vulnerabilities tracked by CVE-2026-20157 are related to missing encryption that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-311.

AnalysisAI

Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent-network foothold near endpoint
Exploit
Position for traffic interception (MITM)
Execution
Capture unencrypted RoomOS sensitive data
Impact
Recover or tamper with confidential information

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be on the adjacent/local network of the Cisco RoomOS endpoint (AV:A) - remote internet-based exploitation is not indicated. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.5 (High) with vector AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - no authentication or user interaction is required, but two significant limiting factors apply: the attacker must be on the adjacent network (AV:A), and attack complexity is High (AC:H), implying conditions outside the attacker's control such as achieving a man-in-the-middle position or specific timing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who gains a foothold on the same local network segment as a Cisco RoomOS endpoint (e.g., a compromised device or rogue port in a conference-room network) positions themselves to intercept traffic to or from the endpoint. By passively capturing or actively man-in-the-middling the unencrypted sensitive data, they recover confidential information and could potentially modify it. …
Remediation Patch available per vendor advisory: upgrade Cisco RoomOS to the software hardening release referenced in cisco-sa-hardening-roomos-AqNMbEq (exact fixed version not specified in the provided input - confirm the target build from the advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Cisco RoomOS-based collaboration endpoints and document current network topology and segmentation boundaries. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-20157 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy