CVE-2026-20115

Published: Mar 25, 2026 Last Modified: Mar 25, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.

This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information.

319

Cleartext Transmission of Sensitive Information

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality

Potential Impacts:

Read Application Data Modify Files Or Directories Other

Applicable Platforms

Technologies: Cloud Computing, ICS/OT, Mobile, Not Technology-Specific, System on Chip, Test/Debug Hardware

Likelihood of Exploit: High

View CWE Details

https://sec.cloudapps.cisco.com/security/center/content/Cis…

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…

CVE-2026-20115

Description

Cleartext Transmission of Sensitive Information

Common Consequences

Applicable Platforms

Iscriviti alla newsletter