Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability
Monitor6.5cisco-sa-scp-dos-duAdXtCgMar 25, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service condition on an affected device. The vulnerability is due to improper handling of a malformed SCP request. An attacker could exploit this by issuing a crafted command through SSH, causing the device to reload unexpectedly.
What this means
What could happen
An attacker with SSH access and low privileges could crash your router or switch by sending a malformed SCP command, taking it offline until manual intervention restarts the device.
Who's at risk
Network operators running Cisco IOS XE on routers and switches (versions 16.10.1 through 3.9.1E) with SCP server enabled and user account access should prioritize this patch. This affects campus edge routers, WAN edge devices, and any infrastructure where SSH access is available.
How it could be exploited
An attacker with SSH credentials to your device could connect and send a specially crafted SCP command that triggers improper request handling in the SCP server, forcing an unexpected device reload.
Prerequisites
- SSH access to the Cisco IOS XE device
- Valid local user account with low privilege level
- SCP server feature enabled on the device
locally exploitablelow privilege requiredno workarounds availableaffects network infrastructure devices
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
ProductAffected VersionsFix Status
Cisco IOS XE Software Secure Copy Protocol Server16.10.1 through 3.9.1EFix available
Remediation & Mitigation
0/3
Do now
0/2WORKAROUNDRestrict SSH access to the device using access control lists or authentication controls, limiting to trusted administration workstations only
HARDENINGDisable the SCP server feature if it is not actively in use in your environment
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate Cisco IOS XE software to the fixed version released by Cisco
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/9af69963-11c2-4578-ac11-9e843dfb7c66Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.