{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20113", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.375Z", "datePublished": "2026-03-25T16:08:39.046Z", "dateUpdated": "2026-03-25T16:08:39.046Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-25T16:08:39.046Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user.\r\n\r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to arbitrarily inject log entries, manipulate the structure of log files, or obscure legitimate log events."}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XE Software", "versions": [{"version": "16.6.1", "status": "affected"}, {"version": "16.6.2", "status": "affected"}, {"version": "16.6.3", "status": "affected"}, {"version": "16.6.4", "status": "affected"}, {"version": "16.6.5", "status": "affected"}, {"version": "16.6.4a", "status": "affected"}, {"version": "16.6.5a", "status": "affected"}, {"version": "16.6.6", "status": "affected"}, {"version": "16.6.7", "status": "affected"}, {"version": "16.6.8", "status": "affected"}, {"version": "16.6.9", "status": "affected"}, {"version": "16.6.10", "status": "affected"}, {"version": "16.7.1", "status": "affected"}, {"version": "16.7.1a", "status": "affected"}, {"version": "16.7.1b", "status": "affected"}, {"version": "16.7.2", "status": "affected"}, {"version": "16.7.3", "status": "affected"}, {"version": "16.7.4", "status": "affected"}, {"version": "16.8.1", "status": "affected"}, {"version": "16.8.1a", "status": "affected"}, {"version": "16.8.1b", "status": "affected"}, {"version": "16.8.1s", "status": "affected"}, {"version": "16.8.1c", "status": "affected"}, {"version": "16.8.1d", "status": "affected"}, {"version": "16.8.2", "status": "affected"}, {"version": "16.8.1e", "status": "affected"}, {"version": "16.8.3", "status": "affected"}, {"version": "16.9.1", "status": "affected"}, {"version": "16.9.2", "status": "affected"}, {"version": "16.9.1a", "status": "affected"}, {"version": "16.9.1b", "status": "affected"}, {"version": "16.9.1s", "status": "affected"}, {"version": "16.9.3", "status": "affected"}, {"version": "16.9.4", "status": "affected"}, {"version": "16.9.5", "status": "affected"}, {"version": "16.9.5f", "status": "affected"}, {"version": "16.9.6", "status": "affected"}, {"version": "16.9.7", "status": "affected"}, {"version": "16.9.8", "status": "affected"}, {"version": "16.10.1", "status": "affected"}, {"version": "16.10.1a", "status": "affected"}, {"version": "16.10.1b", "status": "affected"}, {"version": "16.10.1s", "status": "affected"}, {"version": "16.10.1c", "status": "affected"}, {"version": "16.10.1e", "status": "affected"}, {"version": "16.10.1d", "status": "affected"}, {"version": "16.10.2", "status": "affected"}, {"version": "16.10.1f", "status": "affected"}, {"version": "16.10.1g", "status": "affected"}, {"version": "16.10.3", "status": "affected"}, {"version": "16.11.1", "status": "affected"}, {"version": "16.11.1a", "status": "affected"}, {"version": "16.11.1b", "status": "affected"}, {"version": "16.11.2", "status": "affected"}, {"version": "16.11.1s", "status": "affected"}, {"version": "16.12.1", "status": "affected"}, {"version": "16.12.1s", "status": "affected"}, {"version": "16.12.1a", "status": "affected"}, {"version": "16.12.1c", "status": "affected"}, {"version": "16.12.1w", "status": "affected"}, {"version": "16.12.2", "status": "affected"}, {"version": "16.12.1y", "status": "affected"}, {"version": "16.12.2a", "status": "affected"}, {"version": "16.12.3", "status": "affected"}, {"version": "16.12.8", "status": "affected"}, {"version": "16.12.2s", "status": "affected"}, {"version": "16.12.1x", "status": "affected"}, {"version": "16.12.1t", "status": "affected"}, {"version": "16.12.4", "status": "affected"}, {"version": "16.12.3s", "status": "affected"}, {"version": "16.12.3a", "status": "affected"}, {"version": "16.12.4a", "status": "affected"}, {"version": "16.12.5", "status": "affected"}, {"version": "16.12.6", "status": "affected"}, {"version": "16.12.1z1", "status": "affected"}, {"version": "16.12.5a", "status": "affected"}, {"version": "16.12.5b", "status": "affected"}, {"version": "16.12.1z2", "status": "affected"}, {"version": "16.12.6a", "status": "affected"}, {"version": "16.12.7", "status": "affected"}, {"version": "16.12.10a", "status": "affected"}, {"version": "16.12.11", "status": "affected"}, {"version": "17.1.1", "status": "affected"}, {"version": "17.1.1a", "status": "affected"}, {"version": "17.1.1s", "status": "affected"}, {"version": "17.1.1t", "status": "affected"}, {"version": "17.1.3", "status": "affected"}, {"version": "17.2.1", "status": "affected"}, {"version": "17.2.1r", "status": "affected"}, {"version": "17.2.1a", "status": "affected"}, {"version": "17.2.1v", "status": "affected"}, {"version": "17.2.2", "status": "affected"}, {"version": "17.2.3", "status": "affected"}, {"version": "17.3.1", "status": "affected"}, {"version": "17.3.2", "status": "affected"}, {"version": "17.3.3", "status": "affected"}, {"version": "17.3.1a", "status": "affected"}, {"version": "17.3.1w", "status": "affected"}, {"version": "17.3.2a", "status": "affected"}, {"version": "17.3.1x", "status": "affected"}, {"version": "17.3.1z", "status": "affected"}, {"version": "17.3.4", "status": "affected"}, {"version": "17.3.5", "status": "affected"}, {"version": "17.3.4a", "status": "affected"}, {"version": "17.3.6", "status": "affected"}, {"version": "17.3.4b", "status": "affected"}, {"version": "17.3.4c", "status": "affected"}, {"version": "17.3.5a", "status": "affected"}, {"version": "17.3.5b", "status": "affected"}, {"version": "17.3.7", "status": "affected"}, {"version": "17.3.8", "status": "affected"}, {"version": "17.3.8a", "status": "affected"}, {"version": "17.4.1", "status": "affected"}, {"version": "17.4.2", "status": "affected"}, {"version": "17.4.1a", "status": "affected"}, {"version": "17.4.1b", "status": "affected"}, {"version": "17.4.2a", "status": "affected"}, {"version": "17.5.1", "status": "affected"}, {"version": "17.5.1a", "status": "affected"}, {"version": "17.6.1", "status": "affected"}, {"version": "17.6.2", "status": "affected"}, {"version": "17.6.1w", "status": "affected"}, {"version": "17.6.1a", "status": "affected"}, {"version": "17.6.1x", "status": "affected"}, {"version": "17.6.3", "status": "affected"}, {"version": "17.6.1y", "status": "affected"}, {"version": "17.6.1z", "status": "affected"}, {"version": "17.6.3a", "status": "affected"}, {"version": "17.6.4", "status": "affected"}, {"version": "17.6.1z1", "status": "affected"}, {"version": "17.6.5", "status": "affected"}, {"version": "17.6.6", "status": "affected"}, {"version": "17.6.6a", "status": "affected"}, {"version": "17.6.5a", "status": "affected"}, {"version": "17.6.7", "status": "affected"}, {"version": "17.6.8", "status": "affected"}, {"version": "17.6.8a", "status": "affected"}, {"version": "17.7.1", "status": "affected"}, {"version": "17.7.1a", "status": "affected"}, {"version": "17.7.1b", "status": "affected"}, {"version": "17.7.2", "status": "affected"}, {"version": "17.10.1", "status": "affected"}, {"version": "17.10.1a", "status": "affected"}, {"version": "17.10.1b", "status": "affected"}, {"version": "17.8.1", "status": "affected"}, {"version": "17.8.1a", "status": "affected"}, {"version": "17.9.1", "status": "affected"}, {"version": "17.9.1w", "status": "affected"}, {"version": "17.9.2", "status": "affected"}, {"version": "17.9.1a", "status": "affected"}, {"version": "17.9.1x", "status": "affected"}, {"version": "17.9.1y", "status": "affected"}, {"version": "17.9.3", "status": "affected"}, {"version": "17.9.2a", "status": "affected"}, {"version": "17.9.1x1", "status": "affected"}, {"version": "17.9.3a", "status": "affected"}, {"version": "17.9.4", "status": "affected"}, {"version": "17.9.1y1", "status": "affected"}, {"version": "17.9.5", "status": "affected"}, {"version": "17.9.4a", "status": "affected"}, {"version": "17.9.5a", "status": "affected"}, {"version": "17.9.5b", "status": "affected"}, {"version": "17.9.6", "status": "affected"}, {"version": "17.9.6a", "status": "affected"}, {"version": "17.9.7", "status": "affected"}, {"version": "17.9.5e", "status": "affected"}, {"version": "17.9.5f", "status": "affected"}, {"version": "17.9.8", "status": "affected"}, {"version": "17.9.7a", "status": "affected"}, {"version": "17.9.7b", "status": "affected"}, {"version": "17.11.1", "status": "affected"}, {"version": "17.11.1a", "status": "affected"}, {"version": "17.12.1", "status": "affected"}, {"version": "17.12.1w", "status": "affected"}, {"version": "17.12.1a", "status": "affected"}, {"version": "17.12.1x", "status": "affected"}, {"version": "17.12.2", "status": "affected"}, {"version": "17.12.3", "status": "affected"}, {"version": "17.12.2a", "status": "affected"}, {"version": "17.12.1y", "status": "affected"}, {"version": "17.12.1z", "status": "affected"}, {"version": "17.12.4", "status": "affected"}, {"version": "17.12.3a", "status": "affected"}, {"version": "17.12.1z1", "status": "affected"}, {"version": "17.12.1z2", "status": "affected"}, {"version": "17.12.4a", "status": "affected"}, {"version": "17.12.5", "status": "affected"}, {"version": "17.12.4b", "status": "affected"}, {"version": "17.12.1z3", "status": "affected"}, {"version": "17.12.5a", "status": "affected"}, {"version": "17.12.1z4", "status": "affected"}, {"version": "17.12.6", "status": "affected"}, {"version": "17.12.5b", "status": "affected"}, {"version": "17.12.5c", "status": "affected"}, {"version": "17.12.6a", "status": "affected"}, {"version": "17.12.5d", "status": "affected"}, {"version": "17.12.1z5", "status": "affected"}, {"version": "17.12.1z6", "status": "affected"}, {"version": "17.12.6b", "status": "affected"}, {"version": "17.13.1", "status": "affected"}, {"version": "17.13.1a", "status": "affected"}, {"version": "17.14.1", "status": "affected"}, {"version": "17.14.1a", "status": "affected"}, {"version": "17.15.1", "status": "affected"}, {"version": "17.15.1w", "status": "affected"}, {"version": "17.15.1a", "status": "affected"}, {"version": "17.15.2", "status": "affected"}, {"version": "17.15.1b", "status": "affected"}, {"version": "17.15.1x", "status": "affected"}, {"version": "17.15.1z", "status": "affected"}, {"version": "17.15.3", "status": "affected"}, {"version": "17.15.2c", "status": "affected"}, {"version": "17.15.2a", "status": "affected"}, {"version": "17.15.1y", "status": "affected"}, {"version": "17.15.2b", "status": "affected"}, {"version": "17.15.3a", "status": "affected"}, {"version": "17.15.4", "status": "affected"}, {"version": "17.15.3b", "status": "affected"}, {"version": "17.15.4d", "status": "affected"}, {"version": "17.15.4e", "status": "affected"}, {"version": "17.16.1", "status": "affected"}, {"version": "17.16.1a", "status": "affected"}, {"version": "17.17.1", "status": "affected"}, {"version": "17.18.1", "status": "affected"}, {"version": "17.18.1w", "status": "affected"}, {"version": "17.18.1a", "status": "affected"}, {"version": "17.18.1x", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of CRLF Sequences ('CRLF Injection')", "type": "cwe", "cweId": "CWE-93"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-crlf-NvgKTKJZ", "name": "cisco-sa-iox-crlf-NvgKTKJZ"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that a public announcement is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-iox-crlf-NvgKTKJZ", "discovery": "EXTERNAL", "defects": ["CSCwq69499"]}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user.\r\n\r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to arbitrarily inject log entries, manipulate the structure of log files, or obscure legitimate log events."}], "id": "CVE-2026-20113", "lastModified": "2026-03-25T16:16:15.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-03-25T16:16:15.637", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-crlf-NvgKTKJZ"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-93"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.6.4a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.6.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.6.5a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.6.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.7.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.7.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.7.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.7.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.7.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.7.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.8.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.8.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.8.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.8.1s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.8.1c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.8.1d"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.8.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.8.1e"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.8.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.9.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.9.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.9.1s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.9.5f"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.9.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.10.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1e"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1d"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.10.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1f"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.10.1g"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.10.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.11.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.11.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.11.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.11.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.11.1s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1w"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1y"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.2a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.2s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1x"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1t"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.3s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.3a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.4a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1z1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.5a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.5b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.1z2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.6a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16.12.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.10a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "16.12.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.1.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.1.1s"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.1.1t"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.1.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.2.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.2.1r"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.2.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.2.1v"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.2.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.2.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.3.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.3.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.1w"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.2a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.1x"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.1z"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.3.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.3.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.4a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.4b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.4c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.5a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.5b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.3.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.3.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.3.8a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.4.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.4.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.4.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.4.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.4.2a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.5.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.5.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.6.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.6.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.1w"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.1x"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.6.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.6.1y"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.1z"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.3a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.6.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.1z1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.6.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.6.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.6a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.5a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.6.8a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.7.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.7.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.7.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.7.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.10.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.10.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.10.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.8.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.8.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.1w"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.1x"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.1y"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.9.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.2a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.1x1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.3a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.1y1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.4a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.5a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.5b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.6a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.5e"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.5f"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.7a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.9.7b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.11.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.11.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "17.12.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1w"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1x"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.2a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1y"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1z"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.3a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1z1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1z2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.4a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.4b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1z3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.5a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1z4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.5b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.5c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.6a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.5d"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1z5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.1z6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.12.6b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.13.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.13.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.14.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.14.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.1w"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.1b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.1x"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.1z"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.2c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.2a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.1y"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.2b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.3a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.3b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.4d"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.15.4e"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.16.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.16.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.17.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.18.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.18.1w"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.18.1a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.18.1x"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "Cisco IOS XE Software", "source": "cna", "vendor": "Cisco"}, "product": "ios_xe_software", "vendor": "cisco"}], "analysis": {"en": {"generated_at": "2026-03-25T19:32:37.197581+00:00", "value": {"mitigation_remediation": ["Review Cisco\u2019s security advisory and download the latest IOS XE firmware that addresses the CRLF injection issue.", "Apply the firmware update to all affected devices.", "Restrict external access to the IOx management interface using firewalls or VLAN segmentation.", "Continuously monitor system logs for unexpected entries or anomalies that may indicate exploitation.", "If an immediate patch is not possible, isolate the affected environment until a fix is applied."], "summary": {"action": "Apply Patch", "impact": "Log Manipulation"}, "threat_synthesis": {"affected_systems": "Affected product is Cisco IOS\u202fXE Software. The advisory does not list specific versions, so all releases that include the IOx management interface should be checked for applicability.", "description_and_impact": "The CVE describes an unauthenticated, remote carriage-return line-feed injection vulnerability in Cisco IOx\u2019s web-based management interface. Exploitation allows an attacker to inject arbitrary log entries and alter the structure of log files, potentially obscuring legitimate events. The weakness is an input validation flaw (CWE\u201193) that can compromise audit trail integrity.", "risk_and_exploitability": "The CVSS base score of 5.3 indicates moderate risk. No EPSS score is published and the vulnerability is not listed in CISA\u2019s KEV catalog. Attack vectors are inferred to be via an unauthenticated remote connection to the web interface; any host with network access to the management port can craft malicious packets to perform the injection."}}}}, "created": "2026-03-25T21:35:36.427884+00:00", "title": "Unauthenticated CRLF Injection in Cisco IOx Log Management", "updated": "2026-03-26T11:42:40.379723+00:00", "vendors": ["cisco", "cisco$PRODUCT$ios_xe_software"]}