Skip to main content

Cisco EUVDEUVD-2026-15440

| CVE-2026-20110 MEDIUM
Incorrect Privilege Assignment (CWE-266)
2026-03-25 cisco
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:16 euvd
EUVD-2026-15440
Analysis Generated
Mar 25, 2026 - 16:16 vuln.today
CVE Published
Mar 25, 2026 - 16:06 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations.

AnalysisAI

Insufficient privilege validation on the start maintenance command in Cisco IOS XE Software enables authenticated local attackers to trigger a denial of service by placing devices into maintenance mode, which disables network interfaces. Low-privileged users can exploit this via CLI access without administrative credentials. Device recovery requires administrator intervention using the stop maintenance command.

Technical ContextAI

The vulnerability stems from incorrect privilege assignment to the CLI start maintenance command in Cisco IOS XE Software, classified under CWE-266 (Improper Privilege Management). Cisco IOS XE is the software platform running on Cisco Catalyst, ASR, ISR, and other enterprise network devices, where the CLI serves as the primary management interface. The affected software component (cpe:2.3:a:cisco:cisco_ios_xe_software) spans versions 16.6.1 through 17.18.1a, representing multiple major release families. The root cause is that the start maintenance command should be restricted to high-privilege administrative users but is instead accessible to low-privileged authenticated users, allowing them to invoke system-level device state transitions that result in interface shutdown and network unavailability.

RemediationAI

Customers must upgrade Cisco IOS XE Software to patched versions identified in Cisco's official security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mntc-dos-LZweQcyq, with specific recommended versions provided per device platform and release train. As an interim mitigation, restrict CLI access through role-based access control (RBAC) by assigning low-privileged users to privilege levels that exclude access to the start maintenance command; ensure only administrative staff retain privilege level 15 access. Additionally, implement network segmentation and access control lists to limit which subnets and users can establish CLI sessions to network devices, and employ monitoring to alert on any start maintenance command execution. Given the reversibility of the DoS (the stop maintenance command immediately restores service), organizations should also ensure procedures are in place for rapid incident response to quickly issue stop maintenance if the command is inadvertently or maliciously executed.

Share

EUVD-2026-15440 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy