Chained Cisco Catalyst 9300 Flaws Could Cause DoS Outage
🔒 Cisco's Catalyst 9300 switches contain four vulnerabilities — two of which can be chained to escalate privileges and induce a denial-of-service by forcing the device into maintenance mode. Opswat's Unit 515 CIP Lab reported CVE-2026-20114 (command injection) and CVE-2026-20110 (insufficient sanitization), which together allow a low-privileged Lobby Ambassador account to gain higher privileges. Cisco released fixes in its March 25, 2026 IOS and IOS XE advisory; administrators should run the Software Checker, enable MFA for Lobby Ambassador accounts, and, where possible, set the privilege level for the 'start maintenance' command from the CLI.
