Skip to main content

Cisco RoomOS EUVDEUVD-2026-44719

| CVE-2026-20153 HIGH
Improper Input Validation (CWE-20)
2026-07-15 cisco GHSA-qm4f-8gwc-gx49
7.5
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Network-reachable service, no auth or interaction needed (PR:N/UI:N/AC:L); improper input validation yields only device crash/reload, so A:H with C:N/I:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (cisco).

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 15, 2026 - 16:48 vuln.today
CVE Published
Jul 15, 2026 - 16:18 cve.org
HIGH 7.5

DescriptionCVE.org

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.

The vulnerabilities tracked by CVE-2026-20153 are related to improper input validation that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-20.

AnalysisAI

Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability through improperly validated input, resulting in a high availability impact (CVSS 7.5). The flaw was internally discovered during a Cisco engineering security review and shipped in a software hardening release bundling multiple CWE-20 input-validation issues. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach RoomOS device over network
Delivery
Send crafted malformed input
Exploit
Trigger CWE-20 validation failure
Execution
Crash or reload service
Impact
Denial of service on endpoint

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to a Cisco RoomOS device's affected input-processing service; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, user interaction, or special configuration is documented, so default-configured, network-reachable RoomOS endpoints are exposed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are mixed and warrant caution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to a Cisco RoomOS endpoint sends crafted, malformed input to a network-facing service on the device; the improper input validation causes the process to crash or the device to reload, dropping active calls and rendering the room system unavailable. Because no authentication or user interaction is required (PR:N/UI:N) and complexity is low, the attack is repeatable, but no public POC or active exploitation is currently known.
Remediation Patch available per vendor advisory - upgrade Cisco RoomOS to the fixed software hardening release identified in Cisco Security Advisory cisco-sa-hardening-roomos-AqNMbEq (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq); no exact fixed version number is present in the provided data, so consult the advisory for your specific device model and release train. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Cisco RoomOS installations and restrict network access to trusted subnets where operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44719 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy