CVE-2026-20115

EUVD-2026-15447
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.

 This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
ciscoCNA
6.1 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ciscoios_xe
17.14.1
ciscoios_xe
17.14.1a
ciscoios_xe
17.15.1
ciscoios_xe
17.15.1w
ciscoios_xe
17.15.1a
ciscoios_xe
17.15.2
ciscoios_xe
17.15.1b
ciscoios_xe
17.15.1x
ciscoios_xe
17.15.1z
ciscoios_xe
17.15.3
ciscoios_xe
17.15.2c
ciscoios_xe
17.15.2a
ciscoios_xe
17.15.1y
ciscoios_xe
17.15.2b
ciscoios_xe
17.15.3a
ciscoios_xe
17.15.4
ciscoios_xe
17.15.3b
ciscoios_xe
17.15.4d
ciscoios_xe
17.15.4e
ciscoios_xe
17.16.1
ciscoios_xe
17.16.1a
ciscoios_xe
17.17.1
ciscoios_xe
17.18.1
ciscoios_xe
17.18.1w
ciscoios_xe
17.18.1a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEB