CP
cyberpings
VulnerabilitiesHIGH

Cisco Catalyst Switches - Chained Vulnerabilities Exposed

CSCSO Online
CVE-2026-20114CVE-2026-20110Cisco Catalyst 9300Opswat
🎯

Basically, hackers can exploit flaws in Cisco switches to shut down networks.

Quick Summary

Cisco's Catalyst 9300 switches are vulnerable to chained exploits that could lead to denial-of-service. This affects many enterprises relying on these devices. Immediate patching is crucial to safeguard network operations.

The Flaw

Cisco's Catalyst 9300 Series switches, widely used in enterprise environments, have been found to contain four security vulnerabilities. Among these, two vulnerabilities, CVE-2026-20114 and CVE-2026-20110, can be chained together to create a denial-of-service (DoS) condition. Discovered by Opswat's Unit 515 Critical Infrastructure Protection Lab, these flaws allow attackers to escalate privileges from a low-level user account to a point where they can effectively disable the switch.

The first vulnerability is linked to the Lobby Ambassador account, which is designed for non-technical staff to manage guest Wi-Fi access. This account has a command injection vulnerability (CVE-2026-20114) that lets attackers create a MAC-based account with elevated privileges. The second vulnerability (CVE-2026-20110) stems from insufficient sanitization, allowing attackers to elevate their privileges further and put the switches into maintenance mode, halting all traffic.

What's at Risk

The implications of these vulnerabilities are significant. If exploited, they could lead to a complete shutdown of network services for organizations relying on these switches. This is especially concerning given the critical role that Cisco Catalyst switches play in enterprise infrastructure. Even though the individual CVSS scores for these vulnerabilities range from 4.8 to 6.5, the ability to chain them amplifies the risk, making them a high-priority concern for IT departments.

Additionally, two other vulnerabilities, CVE-2026-20112 (cross-site scripting) and CVE-2026-20113 (CRLF injection), also exist but are less critical. These could allow attackers to manipulate logs and execute malicious scripts, further compromising the integrity of the system.

Patch Status

Cisco has addressed all four vulnerabilities in its March 25 semiannual Cisco IOS and IOS XE Software Security Advisory. While the patching process took longer than expected due to Cisco's twice-yearly cycle, the vulnerabilities have been officially resolved. Opswat reported these issues to Cisco in August 2025, but the remediation process extended into the next advisory window.

For organizations using these switches, it is crucial to apply the patches as soon as possible. Cisco's Software Checker tool can help determine if a switch is vulnerable based on its current software or firmware version. For immediate mitigation, enabling multi-factor authentication (MFA) for all accounts accessing the Lobby Ambassador feature is recommended.

Immediate Actions

Organizations should prioritize patching their Cisco Catalyst 9300 switches to prevent potential exploitation of these vulnerabilities. Here are some immediate actions to consider:

  • Apply the latest patches from Cisco’s advisory to close the vulnerabilities.
  • Enable MFA for all user accounts, especially those with access to the Lobby Ambassador feature.
  • Monitor network traffic closely for any unusual activity that may indicate an attempted exploit.
  • Educate staff about the importance of security practices, including recognizing phishing attempts that could lead to credential theft.

By taking these steps, organizations can significantly reduce their risk of falling victim to attacks exploiting these vulnerabilities.

🔒 Pro insight: The ability to chain these vulnerabilities highlights a critical need for robust access controls and regular security audits in enterprise environments.

Original article from

CSO Online

Read Full Article

Share

Related Pings

HIGHVulnerabilities

Cisco Vulnerabilities - Security Advisory Released March 2026

Cisco has issued a security advisory for vulnerabilities in various products, including Catalyst switches and IOS software. Users are urged to update their systems immediately to avoid risks. This advisory is vital for maintaining network security and integrity.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Vulnerabilities - CISA Adds CVE-2026-33017 to Catalog

CISA has added CVE-2026-33017 to its KEV Catalog due to active exploitation. This code injection vulnerability poses significant risks to federal networks. Organizations are urged to act quickly to mitigate potential threats.

CISA Advisories·
CRITICALVulnerabilities

Vulnerabilities - Critical PTC Windchill RCE Risk Alert

A critical flaw in PTC's Windchill and FlexPLM could allow remote code execution. System administrators need to act quickly to mitigate risks. PTC is working on patches to address this vulnerability.

SC Media·
HIGHVulnerabilities

Hitachi Vulnerabilities - Security Advisory Released

Hitachi has released a security advisory for vulnerabilities in key products. Users must update to avoid potential attacks. Ignoring this could lead to serious security risks.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

ISC BIND Vulnerabilities - Security Advisory Released

ISC has issued a critical security advisory for vulnerabilities in ISC BIND software. Multiple versions are affected, posing risks of performance issues and unexpected terminations. Users must update their systems immediately to mitigate these risks.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Vulnerabilities - Citrix NetScaler ADC and Gateway Alert

Citrix has revealed two critical vulnerabilities in its NetScaler ADC and Gateway products. UK organizations using these systems must act quickly to apply necessary updates. Failure to do so could result in serious data breaches and unauthorized access risks.

NCSC UK·