Chained vulnerabilities in Cisco Catalyst switches could cause denial of service

Summary

Researchers have discovered four vulnerabilities in Cisco Catalyst 9300 Series enterprise switches. Two of these vulnerabilities, CVE-2026-20114 and CVE-2026-20110, can be chained together to allow a low-privileged user to escalate their access and cause a denial of service by putting the switch into maintenance mode, which stops traffic flow. Two additional vulnerabilities, CVE-2026-20112 (XSS) and CVE-2026-20113 (CRLF injection), were also found within the IOS XE IOx integration environment.

IFF Assessment

FOE

The discovery of chained vulnerabilities that can lead to denial-of-service on widely used network infrastructure is detrimental to defenders.

Severity

10.0 Critical

Defender Context

Defenders should prioritize patching or mitigating these vulnerabilities on Cisco Catalyst 9300 switches to prevent potential network outages. The chaining of vulnerabilities for privilege escalation and DoS highlights the importance of a defense-in-depth strategy, because exploiting one flaw can open the way to a more severe impact.
