Cisco IOS XE Software for Meraki Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Cisco IOS XE Software for Cisco Meraki, allowing remote, unauthenticated attackers to access confidential device information. This issue arises because device configuration uploads are transmitted over an insecure tunnel. Exploitation can occur through an on-path attack between the affected device and the Cisco Meraki Dashboard, potentially exposing sensitive device configuration details.

Impact

Successful exploitation enables unauthorized access to sensitive device configuration information.

Remediation

Cisco has released software updates to address this vulnerability. For guidance on upgrading, consult the Cisco IOS and IOS XE Software Security Advisory Bundled Publication or use the Cisco Software Checker tool to identify the first fixed release.

Added: Mar 25, 2026, 4:20 PM
Updated: Mar 25, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 5.9
remediation: 8.3
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.