Cisco has issued important security advisories for two distinct vulnerabilities in its Cisco IOS XE Software, one affecting the Command Line Interface (CLI) and the other the Lobby Ambassador management API. The flaws could allow authenticated attackers either to disrupt network operations or to elevate their access to restricted management functions.
The Cisco Product Security Incident Response Team (PSIRT) has confirmed that it “is aware that a public announcement is available for the vulnerability that is described in this advisory” for both cases. While the details are public, Cisco reports they are not currently aware of any malicious exploitation in the wild.
CVE-2026-20110 (CVSS Score: 6.5): Cisco IOS XE Software Denial of Service Vulnerability
A vulnerability in the CLI of Cisco IOS XE could allow an authenticated, local attacker to trigger a Denial of Service (DoS) condition. This issue stems from incorrect privileges being associated with the start maintenance command.
A low-privileged user with CLI access can execute the maintenance command without proper authorization. A successful exploit allows an attacker to “put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition”.
If exploited, a legitimate administrator must connect to the CLI and use the stop maintenance command to restore network traffic.
Cisco has released a manual workaround for this flaw. Administrators can reassign the privilege level of the command to level 15 (the highest administrative level) using the following configuration:
CVE-2026-20114 (CVSS Score: 5.4): Cisco IOS XE Software Lobby Ambassador Privilege Escalation Flaw
A separate flaw in the Lobby Ambassador web-based management API could allow authenticated, remote attackers to gain access to unauthorized management APIs. The vulnerability exists because “parameters that are received by an API endpoint are not sufficiently validated”.
By sending a crafted HTTP request, an attacker authenticated as a Lobby Ambassador can “create a new user with privilege level 1 access to the web-based management API”. The attacker can then use these new credentials to access device functions that should be restricted.
Identifying Affected Devices
To determine if your hardware is at risk for the Lobby Ambassador flaw, use the following command in privileged EXEC mode:
If the output returns type lobby-admin, your device is configured with Lobby Ambassadors and is vulnerable. The DoS vulnerability (CVE-2026-20110) affects IOS XE regardless of specific device configurations.
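As an added example (not Cisco's code and not from the advisory), the following Python helper scans saved privileged-EXEC output collected from a fleet of devices and lists every account whose stanza contains the "type lobby-admin" marker quoted above, so an operator can quickly inventory which devices fall in scope for CVE-2026-20114. The sample output and the assumption that accounts appear as indented stanzas under a "user-name <name>" header are constructed for this example; only the "type lobby-admin" token comes from the page.

```python
import re
from typing import Dict, List

# Constructed sample of saved show output (not captured from a real device).
# The "user-name" stanza layout is an assumption for this example; the only
# token the advisory text guarantees is "type lobby-admin".
SAMPLE_OUTPUT = """\
user-name netops
 privilege 15
 password 0 <redacted>
user-name frontdesk
 type lobby-admin
 password 0 <redacted>
user-name guestkiosk
 type lobby-admin
"""


def parse_user_stanzas(text: str) -> Dict[str, List[str]]:
    """Group the indented lines under each 'user-name <name>' header."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        header = re.match(r"^user-name\s+(\S+)", line)
        if header:
            current = header.group(1)
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
    return stanzas


def lobby_ambassadors(text: str) -> List[str]:
    """Return the names of accounts whose stanza declares 'type lobby-admin'."""
    return [
        name
        for name, lines in parse_user_stanzas(text).items()
        if any(re.fullmatch(r"type\s+lobby-admin", entry) for entry in lines)
    ]


def affected_by_cve_2026_20114(text: str) -> bool:
    """A device with at least one Lobby Ambassador account is in scope."""
    return bool(lobby_ambassadors(text))


if __name__ == "__main__":
    names = lobby_ambassadors(SAMPLE_OUTPUT)
    print("Lobby Ambassador accounts:", names)
    print("In scope for CVE-2026-20114:", affected_by_cve_2026_20114(SAMPLE_OUTPUT))
```

Point the script at the saved output of the check described above for each device; an empty list means no Lobby Ambassador accounts were found in that capture.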
Remediation
Cisco has released comprehensive software updates to address both vulnerabilities. While a workaround exists for the CLI-based DoS flaw, “there are no workarounds that address” the Lobby Ambassador privilege escalation.