Description
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

An authenticated local attacker who has low‑privilege access to the device’s management CLI can issue the start maintenance command, which the system incorrectly authorizes. The command forces the device into maintenance mode, shutting down all interfaces and disabling network service, resulting in a denial of service. The flaw is an example of improper privilege management (CWE‑266).

Affected Systems

Cisco IOS XE Software. Specific version information is not published in the advisory, so any installation that allows the start maintenance command via the CLI could be vulnerable.

Risk and Exploitability

The CVSS base score of 6.5 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalogue. Exploitation requires only local authenticated access, meaning a user with low‑privilege rights on the device can trigger the denial of service. Remote exploitation is not described, so the attack surface is limited to insiders who have physical or pre‑authenticated network access.

Generated by OpenCVE AI on March 25, 2026 at 19:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cisco IOS XE Software to the latest revision that removes the privilege mismatch for the start maintenance command.
  • If an upgrade cannot be performed immediately, reconfigure local user roles so that the start maintenance command is denied to low‑privilege accounts.
  • Regularly monitor device logs for unexpected entry into maintenance mode and verify that only authorized personnel execute the stop maintenance command to restore service.
  • Separate management, control, and data planes to restrict unintended command propagation.

Generated by OpenCVE AI on March 25, 2026 at 19:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ios Xe Software
Vendors & Products Cisco
Cisco ios Xe Software

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Authenticated Local Attacker Can Force Cisco IOS XE Into Maintenance Mode, Causing Denial of Service

Wed, 25 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations.
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Cisco Ios Xe Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-27T15:01:27.694Z

Reserved: 2025-10-08T11:59:15.374Z

Link: CVE-2026-20110

cve-icon Vulnrichment

Updated: 2026-03-27T15:01:24.998Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T16:16:14.630

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-20110

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T11:42:44Z

Weaknesses