6.1

CVE-2026-20115

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.

 This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
Produkt Cisco IOS XE Software
Version 17.14.1
Status affected
Version 17.14.1a
Status affected
Version 17.15.1
Status affected
Version 17.15.1w
Status affected
Version 17.15.1a
Status affected
Version 17.15.2
Status affected
Version 17.15.1b
Status affected
Version 17.15.1x
Status affected
Version 17.15.1z
Status affected
Version 17.15.3
Status affected
Version 17.15.2c
Status affected
Version 17.15.2a
Status affected
Version 17.15.1y
Status affected
Version 17.15.2b
Status affected
Version 17.15.3a
Status affected
Version 17.15.4
Status affected
Version 17.15.3b
Status affected
Version 17.15.4d
Status affected
Version 17.15.4e
Status affected
Version 17.16.1
Status affected
Version 17.16.1a
Status affected
Version 17.17.1
Status affected
Version 17.18.1
Status affected
Version 17.18.1w
Status affected
Version 17.18.1a
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.038
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 6.1 1.6 4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.