Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability

Monitor
CVSS 5.4
Advisory ID: cisco-sa-iosxe-lobby-privesc-KwxBqJy
Date: Mar 25, 2026
Vendor: Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A privilege escalation vulnerability exists in the Lobby Ambassador web-based management API of Cisco IOS XE Software. An authenticated attacker can send a crafted HTTP request whose parameters are not sanitized by the API to create a new user account with administrative (privilege level 1) access, bypassing the normal Lobby Ambassador privilege restrictions. This would give the attacker full access to the device's management APIs.

What this means
What could happen
An authenticated attacker with Lobby Ambassador privileges could create unauthorized administrative accounts on your Cisco router's management interface, allowing them to gain full control over the device and potentially disrupt network connectivity.
Who's at risk
Organizations running Cisco IOS XE routers with Lobby Ambassador functionality enabled, particularly those using it for centralized management of network infrastructure or remote administrative access. This impacts edge routers, branch office gateways, and any device where the web management API is accessible.
How it could be exploited
An attacker with valid Lobby Ambassador credentials connects to the router's web management API and sends a crafted HTTP request to the vulnerable API endpoint. The unsanitized parameters allow them to bypass privilege validation and create a new administrative user account. The attacker then logs in with these new credentials to access restricted management functions.
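As an added defender-side check (not code from Cisco's advisory or from OTPulse): the observable outcome of this vulnerability is an extra local account in the running configuration, so periodically comparing the device's `username` lines against a known baseline catches it whatever path created the account. The config excerpt and the baseline below are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of a Cisco IOS XE running-config (not from any real
# device). "lobby-helper" stands in for an account the baseline does not know.
SAMPLE_RUNNING_CONFIG = """\
hostname branch-rtr-01
!
username netops privilege 15 secret 9 $9$placeholder
username lobby1 privilege 1 secret 9 $9$placeholder
username lobby-helper privilege 15 secret 9 $9$placeholder
!
ip http secure-server
"""

# Constructed baseline: accounts expected on this device and their privilege.
BASELINE = {"netops": 15, "lobby1": 1}

# 'username <name> [privilege <n>] ...' ; the privilege clause is optional.
USERNAME_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?")


def parse_local_users(config: str) -> Dict[str, int]:
    """Return {username: privilege} for every 'username' line.
    IOS assigns privilege 1 when the line gives no explicit level."""
    users: Dict[str, int] = {}
    for line in config.splitlines():
        m = USERNAME_RE.match(line.strip())
        if m:
            users[m.group(1)] = int(m.group(2) or 1)
    return users


def find_unexpected_accounts(config: str, baseline: Dict[str, int]) -> List[Tuple[str, int, str]]:
    """Flag accounts absent from the baseline or whose privilege level changed."""
    findings: List[Tuple[str, int, str]] = []
    for name, priv in parse_local_users(config).items():
        if name not in baseline:
            findings.append((name, priv, "not in baseline"))
        elif baseline[name] != priv:
            findings.append((name, priv, f"privilege changed from {baseline[name]}"))
    return findings


if __name__ == "__main__":
    for name, priv, why in find_unexpected_accounts(SAMPLE_RUNNING_CONFIG, BASELINE):
        print(f"REVIEW: username {name} privilege {priv}: {why}")
```

Feed it the output of `show running-config` collected over your existing management channel; any finding after patching is worth an incident ticket rather than a silent cleanup.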
Prerequisites
  • Valid Lobby Ambassador user account credentials
  • Network access to the web-based management API port on the affected router
  • Knowledge of the vulnerable API endpoint
  • Remotely exploitable
  • Requires authentication
  • Low complexity
  • Affects management and administrative access
  • Parameter validation flaw
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
Cisco IOS XE Software Lobby Ambassador | 16.11.1 through 17.9.8 | Fix available
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Cisco IOS XE software to version 17.9.8 or later