Main Vulnerability Database Vulnerabilities #VU124589

#VU124589 Cleartext Transmission of Sensitive Information in Cisco IOS XE - CVE-2026-20115

Published: March 25, 2026

Vulnerability identifier: #VU124589

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-20115

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper use of a secure channel in the device configuration upload process when handling communication with the Cisco Meraki Dashboard. A remote attacker can conduct an on-path attack to disclose sensitive device configuration information.

Exploitation requires user interaction in the form of an on-path position between the affected device and the Cisco Meraki Dashboard.

Remediation

Install security update from vendor's website.

#VU124589 Cleartext Transmission of Sensitive Information in Cisco IOS XE - CVE-2026-20115

Description

Remediation

External links

Please verify you're human