Cisco IOS XE Software Denial of Service Vulnerability

Monitor | CVSS 6.5 | Cisco advisory cisco-sa-iosxe-mntc-dos-LZweQcyq | Mar 25, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in Cisco IOS XE Software's CLI allows an authenticated, low-privileged user to issue the "start maintenance" command, which the device incorrectly permits. Executing this command puts the affected device into maintenance mode, shutting down all interfaces and causing a denial of service. The device will remain offline until an administrator manually issues the "stop maintenance" command. The vulnerability affects IOS XE versions 16.10.1 through 17.9.8. Cisco has released software updates and a configuration-based workaround that restricts the command to administrator privilege level.

What this means
What could happen
An authenticated user with low privileges could force a device into maintenance mode, shutting down network interfaces and causing loss of connectivity until an administrator manually stops maintenance mode.
Who's at risk
This affects organizations running Cisco IOS XE on routers and switches (versions 16.10.1 through 17.9.8), particularly those with shared or contractor access to device management interfaces.
How it could be exploited
An attacker with low-privilege CLI access (such as a local technician account) runs the "start maintenance" command, which the device incorrectly allows due to insufficient privilege checking. This immediately puts the device into maintenance mode, disabling all interfaces and cutting off network operations.
Prerequisites
  • Local or remote CLI access as a low-privileged user account (not requiring administrator credentials)
  • Knowledge of the start maintenance command
  • Requires local/CLI access
  • Low attack complexity
  • Authenticated access required
  • Can be mitigated without patching
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
Cisco IOS XE | 16.10.1 through 17.9.8 | Fix available
Remediation & Mitigation
Do now
WORKAROUND: As an immediate workaround, connect to the device CLI and run 'privilege exec level 15 start maintenance' to restrict the start maintenance command to administrator-level access only.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Cisco IOS XE to version 17.9.9 or later to apply the vendor security fix.
HARDENING: Review and restrict CLI access credentials to only necessary personnel; remove or disable unnecessary low-privilege user accounts.
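A defender-side check for the remediation items above, added here as an example and not part of OTPulse's or Cisco's tooling: it pulls the release out of a device's 'show version' output, tests it against the affected range stated in this advisory (16.10.1 through 17.9.8, fixed in 17.9.9), and looks for the workaround line in the running configuration. The sample device outputs are constructed, and the function names and the exact 'show version' line format are assumptions.

```python
import re
from typing import Optional, Tuple

# Affected range and workaround line exactly as stated in the advisory.
AFFECTED_MIN = (16, 10, 1)
AFFECTED_MAX = (17, 9, 8)
WORKAROUND_LINE = "privilege exec level 15 start maintenance"

# Assumed 'show version' format, e.g. "Cisco IOS XE Software, Version 17.09.04a".
VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)


def parse_version(show_version: str) -> Optional[Tuple[int, int, int, str]]:
    """Extract (major, minor, patch, rebuild_suffix); zero padding is dropped."""
    m = VERSION_RE.search(show_version)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), suffix.lower())


def is_affected(version: Tuple[int, int, int, str]) -> bool:
    """True when the numeric release sits inside the advisory's stated range.
    Rebuilds such as 17.9.4a inherit the status of their base release; releases
    outside the range are reported as not affected by this check only."""
    return AFFECTED_MIN <= version[:3] <= AFFECTED_MAX


def has_workaround(running_config: str) -> bool:
    """True if the privilege line from the advisory appears in the config."""
    return any(" ".join(line.split()) == WORKAROUND_LINE
               for line in running_config.splitlines())


def assess(show_version: str, running_config: str) -> str:
    """Classify a device as unknown, not-affected, mitigated or exposed."""
    version = parse_version(show_version)
    if version is None:
        return "unknown"
    if not is_affected(version):
        return "not-affected"
    return "mitigated" if has_workaround(running_config) else "exposed"


# Constructed sample output; not captured from a real device.
SAMPLE_SHOW_VERSION = "Cisco IOS XE Software, Version 17.09.04a\n"
SAMPLE_CONFIG_EXPOSED = "hostname edge-rtr\nusername tech privilege 1 secret 9 <redacted>\n"
SAMPLE_CONFIG_MITIGATED = SAMPLE_CONFIG_EXPOSED + "privilege exec level 15 start maintenance\n"

if __name__ == "__main__":
    print(assess(SAMPLE_SHOW_VERSION, SAMPLE_CONFIG_EXPOSED))    # exposed
    print(assess(SAMPLE_SHOW_VERSION, SAMPLE_CONFIG_MITIGATED))  # mitigated
```

Versions the advisory does not list fall outside the stated range and are reported as not affected by this check; consult the vendor advisory for release trains it does not cover.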

