{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20115", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.376Z", "datePublished": "2026-03-25T16:08:01.917Z", "dateUpdated": "2026-03-25T17:41:48.709Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-25T16:08:01.917Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.\r\n\r This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information."}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XE Software", "versions": [{"version": "17.14.1", "status": "affected"}, {"version": "17.14.1a", "status": "affected"}, {"version": "17.15.1", "status": "affected"}, {"version": "17.15.1w", "status": "affected"}, {"version": "17.15.1a", "status": "affected"}, {"version": "17.15.2", "status": "affected"}, {"version": "17.15.1b", "status": "affected"}, {"version": "17.15.1x", "status": "affected"}, {"version": "17.15.1z", "status": "affected"}, {"version": "17.15.3", "status": "affected"}, {"version": "17.15.2c", "status": "affected"}, {"version": "17.15.2a", "status": "affected"}, {"version": "17.15.1y", "status": "affected"}, {"version": "17.15.2b", "status": "affected"}, {"version": "17.15.3a", "status": "affected"}, {"version": "17.15.4", "status": "affected"}, {"version": "17.15.3b", "status": "affected"}, {"version": "17.15.4d", "status": "affected"}, {"version": "17.15.4e", "status": "affected"}, {"version": "17.16.1", "status": "affected"}, {"version": "17.16.1a", "status": "affected"}, {"version": "17.17.1", "status": "affected"}, {"version": "17.18.1", "status": "affected"}, {"version": "17.18.1w", "status": "affected"}, {"version": "17.18.1a", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Cleartext Transmission of Sensitive Information", "type": "cwe", "cweId": "CWE-319"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEB", "name": "cisco-sa-iosxe_infodis-6J847uEB"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-iosxe_infodis-6J847uEB", "discovery": "INTERNAL", "defects": ["CSCwp83554"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T17:38:25.744053Z", "id": "CVE-2026-20115", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T17:41:48.709Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20115", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T17:38:25.744053Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T17:41:23.488Z"}}], "cna": {"source": {"defects": ["CSCwp83554"], "advisory": "cisco-sa-iosxe_infodis-6J847uEB", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XE Software", "versions": [{"status": "affected", "version": "17.14.1"}, {"status": "affected", "version": "17.14.1a"}, {"status": "affected", "version": "17.15.1"}, {"status": "affected", "version": "17.15.1w"}, {"status": "affected", "version": "17.15.1a"}, {"status": "affected", "version": "17.15.2"}, {"status": "affected", "version": "17.15.1b"}, {"status": "affected", "version": "17.15.1x"}, {"status": "affected", "version": "17.15.1z"}, {"status": "affected", "version": "17.15.3"}, {"status": "affected", "version": "17.15.2c"}, {"status": "affected", "version": "17.15.2a"}, {"status": "affected", "version": "17.15.1y"}, {"status": "affected", "version": "17.15.2b"}, {"status": "affected", "version": "17.15.3a"}, {"status": "affected", "version": "17.15.4"}, {"status": "affected", "version": "17.15.3b"}, {"status": "affected", "version": "17.15.4d"}, {"status": "affected", "version": "17.15.4e"}, {"status": "affected", "version": "17.16.1"}, {"status": "affected", "version": "17.16.1a"}, {"status": "affected", "version": "17.17.1"}, {"status": "affected", "version": "17.18.1"}, {"status": "affected", "version": "17.18.1w"}, {"status": "affected", "version": "17.18.1a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEB", "name": "cisco-sa-iosxe_infodis-6J847uEB"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.\r\n\r This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-319", "description": "Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-25T16:08:01.917Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20115", "state": "PUBLISHED", "dateUpdated": "2026-03-25T17:41:48.709Z", "dateReserved": "2025-10-08T11:59:15.376Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-03-25T16:08:01.917Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.\r\n\r This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information."}], "id": "CVE-2026-20115", "lastModified": "2026-03-25T16:16:16.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-03-25T16:16:16.533", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEB"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T19:55:13.302794+00:00", "value": {"mitigation_remediation": ["Apply the latest Cisco IOS XE firmware update for Cisco Meraki devices as released by Cisco.", "If an update is not yet available, isolate the Meraki device from the Cisco Meraki Dashboard network segment or force dashboard access over a secure VPN tunnel.", "Continuously monitor network traffic for signs of on\u2011path interception and review device logs for abnormal configuration\u2011upload activity."], "summary": {"action": "Immediate Patch", "impact": "Remote unauthenticated disclosure of device configuration"}, "threat_synthesis": {"affected_systems": "Cisco IOS XE Software on Cisco Meraki devices are affected; the advisory does not list specific firmware or release versions, so administrators must verify that their installations run builds that are pending a patch or update from Cisco and follow the vendor\u2019s guidance to identify vulnerable builds.", "description_and_impact": "A configuration\u2011upload process in Cisco IOS XE Software for Cisco Meraki uses an insecure tunnel between the device and the Cisco Meraki Dashboard, allowing anyone who can intercept that traffic to read confidential device configuration data. This represents a lack of encryption or authentication in transit, matching CWE\u2011319, and exposes sensitive operational information that could be leveraged for further attacks.", "risk_and_exploitability": "The CVSS base score of 6.1 indicates moderate severity. The description states that an attacker on the network path between the device and the dashboard can exploit the flaw; this inference is drawn from the mention of an \"on\u2011path attack\" and is not directly listed elsewhere. No EPSS score is available, and the vulnerability is not in the CISA KEV catalog. Because no public patch or workaround is referenced, the risk remains until a vendor update is applied or the device is isolated from the dashboard network segment."}}}}, "created": "2026-03-25T21:30:50.931705+00:00", "title": "Unencrypted Configuration Upload Allows Device Information Disclosure in Cisco Meraki", "updated": "2026-03-25T21:30:50.931728+00:00", "vendors": []}