Cisco Patches Multiple Vulnerabilities in IOS Software
Briefly

"According to OPSWAT, which discovered and reported the security defects, attackers could chain two of these flaws, CVE-2026-20114 and CVE-2026-20110, to escalate privileges and cause a persistent DoS condition that may require manual intervention to resolve."
"Impacting the Lobby Ambassador web-based management API, CVE-2026-20114 exists because parameters are not sufficiently validated, allowing attackers logged in as a Lobby Ambassador to create a new user with privilege level 1 access to the API and access the device."
"By chaining the initial privilege escalation with the subsequent command injection, the maintenance operation could be triggered - resulting in a persistent Denial-of-Service condition. In validated scenarios, restoring normal functionality required physical access to the device, significantly amplifying operational impact."
Cisco announced patches addressing a dozen vulnerabilities in IOS and IOS XE, with a focus on preventing denial-of-service conditions. Four medium-severity defects affecting Catalyst 9300 Series switches were publicly disclosed. Attackers could chain two of these flaws to escalate privileges and create a persistent DoS condition. The vulnerabilities stem from insufficient validation of parameters and incorrect privilege associations. Cisco's updates also resolved six high-severity vulnerabilities in the affected devices.
Read at SecurityWeek