Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations.
AnalysisAI
Insufficient privilege validation on the start maintenance command in Cisco IOS XE Software enables authenticated local attackers to trigger a denial of service by placing devices into maintenance mode, which disables network interfaces. Low-privileged users can exploit this via CLI access without administrative credentials. Device recovery requires administrator intervention using the stop maintenance command.
Technical ContextAI
The vulnerability stems from incorrect privilege assignment to the CLI start maintenance command in Cisco IOS XE Software, classified under CWE-266 (Improper Privilege Management). Cisco IOS XE is the software platform running on Cisco Catalyst, ASR, ISR, and other enterprise network devices, where the CLI serves as the primary management interface. The affected software component (cpe:2.3:a:cisco:cisco_ios_xe_software) spans versions 16.6.1 through 17.18.1a, representing multiple major release families. The root cause is that the start maintenance command should be restricted to high-privilege administrative users but is instead accessible to low-privileged authenticated users, allowing them to invoke system-level device state transitions that result in interface shutdown and network unavailability.
RemediationAI
Customers must upgrade Cisco IOS XE Software to patched versions identified in Cisco's official security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mntc-dos-LZweQcyq, with specific recommended versions provided per device platform and release train. As an interim mitigation, restrict CLI access through role-based access control (RBAC) by assigning low-privileged users to privilege levels that exclude access to the start maintenance command; ensure only administrative staff retain privilege level 15 access. Additionally, implement network segmentation and access control lists to limit which subnets and users can establish CLI sessions to network devices, and employ monitoring to alert on any start maintenance command execution. Given the reversibility of the DoS (the stop maintenance command immediately restores service), organizations should also ensure procedures are in place for rapid incident response to quickly issue stop maintenance if the command is inadvertently or maliciously executed.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15440