anonhaven
Ad

CVE-2026-20115

MEDIUM CVSS 3.1: 6.1
Updated Mar 25, 2026
Cisco
Parameter Value
CVSS 6.1 (MEDIUM)
Type CWE-319 (Cleartext Transmission)
Vendor Cisco
Public PoC No

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard.

A successful exploit could allow the attacker to view sensitive device configuration information.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-319 Cleartext Transmission

References 1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…
psirt@cisco.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-20125

Cisco

7.7

CVE-2026-20114

Cisco

5.4

CVE-2026-20113

Cisco

5.3

CVE-2026-20112

Cisco

4.8

CVE-2026-20110

Cisco

6.5