CVE-2026-20110Incorrect Privilege Assignment in Cisco IOS XE Software

CWE-266Incorrect Privilege Assignment4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 94.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE Software
Timeline
PublishedMar 25

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xe_software230 versions+229

🔴Vulnerability Details

2
CVEList
CVE-2026-20110: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an af2026-03-25
GHSA
GHSA-5hv6-p93j-6mjg: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an af2026-03-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Denial of Service Vulnerability2026-03-25
CVE-2026-20110 — Incorrect Privilege Assignment | cvebase