CVE-2026-20115

MEDIUM6.1

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information

Published Mar 25, 2026

Modified 4 weeks ago

Details

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.

This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information.

References

WEB

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEB

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-20115

CVSS Analysis

CVSS v3.1

6.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

6.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Weakness Type (CWE)

Other

CWE-319

Ecosystems

Timeline

PublishedMar 25, 2026

ModifiedMar 25, 2026