Description
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users.

This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.
Published: 2026-03-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to privileged API access
Action: Apply Patch
AI Analysis

Impact

An authenticated remote attacker can send a crafted HTTP request to the Lobby Ambassador web‑based management API of Cisco IOS XE Software. The vulnerability lies in insufficient validation of parameters received by an API endpoint, a weakness categorized as CWE‑1286. A successful exploit allows the creation of a new user with privilege level 1, providing the attacker with access to management APIs that should normally be restricted, potentially enabling configuration changes and other privileged actions.

Affected Systems

Cisco IOS XE Software devices that expose the Lobby Ambassador web‑based management API are affected. No specific version information is supplied, so all installations of this component should be considered potentially vulnerable until a vendor update is applied.

Risk and Exploitability

The CVSS base score of 5.4 indicates medium severity. With no EPSS score available and the issue not listed in the CISA KEV catalog, the risk of exploitation remains moderate and unproven. The attack vector is likely network‑based, requiring the attacker to authenticate as a Lobby Ambassador user and target the exposed API over HTTP to create privileged credentials.

Generated by OpenCVE AI on March 25, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Cisco IOS XE Software update that addresses this vulnerability
  • Restrict network access to the Lobby Ambassador API to trusted management networks
  • Enforce strong authentication and monitor logs for abnormal API activity

Generated by OpenCVE AI on March 25, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ios Xe Software
Vendors & Products Cisco
Cisco ios Xe Software

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Elevated Privilege via Unvalidated Lobby Ambassador API Parameters

Wed, 25 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.
Weaknesses CWE-1286
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Cisco Ios Xe Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-25T17:34:18.687Z

Reserved: 2025-10-08T11:59:15.375Z

Link: CVE-2026-20114

cve-icon Vulnrichment

Updated: 2026-03-25T17:34:11.879Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T16:16:16.117

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-20114

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T11:42:41Z

Weaknesses