CVE-2026-20114
- CVSS base score 5.4
- EPSS 0.04%
- Published 25.03.2026 16:16:16
- Last modified 26.03.2026 15:13:15
- Source psirt@cisco.com
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cisco
Product: Cisco IOS XE Software
Status: affected (every version listed below)
Versions:
- 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s
- 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.4, 16.12.3s, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 16.12.10a, 16.12.11, 16.12.12, 16.12.13, 16.12.14
- 17.1.1, 17.1.1a, 17.1.1s, 17.1.1t, 17.1.3
- 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3
- 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.3.8a
- 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.2a
- 17.5.1, 17.5.1a
- 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.6.6a, 17.6.5a, 17.6.7, 17.6.8, 17.6.8a
- 17.7.1, 17.7.1a, 17.7.1b, 17.7.2
- 17.10.1, 17.10.1a, 17.10.1b
- 17.8.1, 17.8.1a
- 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.9.5, 17.9.4a, 17.9.5a, 17.9.5b, 17.9.6, 17.9.6a, 17.9.7, 17.9.5e, 17.9.5f, 17.9.8, 17.9.7a, 17.9.7b
- 17.11.1, 17.11.1a
- 17.12.1, 17.12.1w, 17.12.1a, 17.12.1x, 17.12.2, 17.12.3, 17.12.2a, 17.12.1y, 17.12.1z, 17.12.4, 17.12.3a, 17.12.1z1, 17.12.1z2, 17.12.4a, 17.12.5, 17.12.4b, 17.12.1z3, 17.12.5a, 17.12.1z4, 17.12.5b, 17.12.5c, 17.12.5d
- 17.13.1, 17.13.1a
- 17.14.1, 17.14.1a
- 17.15.1, 17.15.1w, 17.15.1a, 17.15.2, 17.15.1b, 17.15.1x, 17.15.1z, 17.15.3, 17.15.2c, 17.15.2a, 17.15.1y, 17.15.2b, 17.15.3a, 17.15.4, 17.15.3b, 17.15.4d, 17.15.4e
- 17.16.1, 17.16.1a
- 17.17.1
- 17.18.1, 17.18.1w, 17.18.1a
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.105 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 5.4 | 2.8 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |

CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.