CVE-2026-20114

MEDIUM

Cisco IOS XE Software <16.11.1 - Privilege Escalation

Title source: llm

Description

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-lobby-privesc-KwxBqJy

Scores

CVSS v3 5.4

EPSS 0.0004

EPSS Percentile 10.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1286

Status published

Products (50)

Cisco/Cisco IOS XE Software 16.11.1

Cisco/Cisco IOS XE Software 16.11.1a

Cisco/Cisco IOS XE Software 16.11.1b

Cisco/Cisco IOS XE Software 16.11.1s

Cisco/Cisco IOS XE Software 16.11.2

Cisco/Cisco IOS XE Software 16.12.1

Cisco/Cisco IOS XE Software 16.12.10

Cisco/Cisco IOS XE Software 16.12.10a

Cisco/Cisco IOS XE Software 16.12.11

Cisco/Cisco IOS XE Software 16.12.12

... and 40 more

Published Mar 25, 2026

Tracked Since Mar 25, 2026