Cisco has disclosed 10 vulnerabilities in the web-based management interface of several of its small business switch models.
Four of the bugs are rated critical, and Cisco says it is aware that proof-of-concept exploit code for the vulnerabilities is publicly available, although it has not seen them exploited in the wild.
The vulnerabilities let an unauthenticated, remote attacker “execute arbitrary code with root privileges on an affected device”, or cause a denial-of-service, Cisco said.
“These vulnerabilities are due to improper validation of requests that are sent to the web interface,” Cisco’s advisory stated.
The bugs affect firmware release 2.5.9.15 and earlier for the 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches and 550X Series Stackable Managed Switches.
Firmware release 3.3.0.15 and earlier for the Business 250 Series Smart Switches and Business 350 Series Managed Switches is also vulnerable.
Fixed firmware is available for these devices (2.5.9.16 and 3.3.0.16 respectively) and Cisco lists no workarounds; however, the Small Business 200, 300 and 500 Series switches have reached end-of-life and will not be patched.
All but two of the 10 vulnerabilities are buffer overflows in the handling of web-interface requests; the remaining two are the denial-of-service and configuration-read bugs described below.
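The advisory does not publish the affected code, so the following is an added illustration of the bug class it describes, not Cisco firmware: a request field copied into a fixed-size buffer without its length being validated, shown beside a handler that checks the length before copying. The parameter name "hostname", the 32-byte buffer and the query-string format are assumptions made for the example.

```c
/* Added illustration of an unvalidated web-UI request field (hypothetical
 * code, not Cisco firmware).  The "hostname" parameter, NAME_MAX and the
 * key=value&key=value request format are assumptions for the example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32  /* assumed size of the device-side field buffer */

/* Return a pointer to the value following "key=" in a form-encoded query
 * string, or NULL if the key is absent.  A value runs up to the next '&'
 * or the end of the string. */
static const char *find_value(const char *query, const char *key)
{
    size_t klen = strlen(key);
    const char *p = query;

    while (p != NULL && *p != '\0') {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=')
            return p + klen + 1;
        p = strchr(p, '&');      /* skip to the next key=value pair */
        if (p != NULL)
            p++;
    }
    return NULL;
}

/* VULNERABLE: the value length n comes straight from the request and is
 * never compared with sizeof(name), so a value of 32 bytes or more writes
 * past the end of the stack buffer.  The same mistake with a static or
 * malloc'd destination gives the BSS or heap variant.
 * Returns the value length, or -1 if the parameter is missing. */
int set_hostname_unsafe(const char *query)
{
    char name[NAME_MAX];
    const char *v = find_value(query, "hostname");
    if (v == NULL)
        return -1;

    size_t n = strcspn(v, "&");
    memcpy(name, v, n);          /* no bound: n may exceed NAME_MAX */
    name[n] = '\0';
    printf("hostname set to %s\n", name);
    return (int)n;
}

/* Report, without performing the copy, whether a request would overflow
 * the unsafe handler's buffer (value length plus NUL exceeds NAME_MAX). */
int request_would_overflow(const char *query)
{
    const char *v = find_value(query, "hostname");
    if (v == NULL)
        return 0;
    return strcspn(v, "&") >= NAME_MAX;
}

/* HARDENED: validate the length against the destination before any copy,
 * and reject the request outright rather than truncating it silently.
 * Returns the value length, -1 if missing, -2 if it does not fit in out. */
int set_hostname_safe(const char *query, char *out, size_t out_len)
{
    const char *v = find_value(query, "hostname");
    if (v == NULL)
        return -1;

    size_t n = strcspn(v, "&");
    if (n >= out_len)            /* leave room for the terminating NUL */
        return -2;

    memcpy(out, v, n);
    out[n] = '\0';
    return (int)n;
}

/* Run the hardened handler with a NAME_MAX-sized buffer; returns its status. */
int safe_rc(const char *query)
{
    char name[NAME_MAX];
    return set_hostname_safe(query, name, sizeof name);
}

int main(void)
{
    /* Constructed sample requests: a benign one and an over-long one. */
    char ok[] = "page=system&hostname=sw-core-01&apply=1";
    char bad[256] = "hostname=";
    memset(bad + 9, 'A', 200);   /* 200-byte value, far beyond NAME_MAX */
    bad[209] = '\0';

    printf("benign:  unsafe rc=%d safe rc=%d\n",
           set_hostname_unsafe(ok), safe_rc(ok));
    /* The unsafe handler is deliberately not called on the crafted request. */
    printf("crafted: safe rc=%d would_overflow=%d\n",
           safe_rc(bad), request_would_overflow(bad));
    return 0;
}
```

The check that matters is the one the hardened handler performs before the copy: the length is compared with the destination size and an over-long value is rejected, so the device returns an error instead of corrupting its own stack.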
The critical vulnerabilities are CVE-2023-20159, CVE-2023-20160, CVE-2023-20161 and CVE-2023-20189, each with a CVSS score of 9.8.
CVE-2023-20158, rated high (CVSS score 8.6), is the denial-of-service vulnerability; it is triggered by sending a crafted request to the web management interface.
In addition, CVE-2023-20162, rated high (CVSS score 7.5), allows an unauthenticated, remote attacker to read configuration data from an affected device.