• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical flaws in cisco small business switches could allow remote

Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks

You are here: Home / General Cyber Security News / Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
May 18, 2023

Cisco has unveiled updates to tackle a established of nine security flaws in its Tiny Company Sequence Switches that could be exploited by an unauthenticated, remote attacker to operate arbitrary code or trigger a denial-of-company (DoS) affliction.

“These vulnerabilities are thanks to incorrect validation of requests that are sent to the web interface,” Cisco said, crediting an unnamed external researcher for reporting the issues.

Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring process, building them critical in nature. The nine flaws impact the next products lines –

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


  • 250 Collection Clever Switches (Fixed in firmware version 2.5.9.16)
  • 350 Collection Managed Switches (Mounted in firmware variation 2.5.9.16)
  • 350X Collection Stackable Managed Switches (Set in firmware model 2.5.9.16)
  • 550X Sequence Stackable Managed Switches (Fastened in firmware model 2.5.9.16)
  • Enterprise 250 Collection Good Switches (Fixed in firmware variation 3.3..16)
  • Organization 350 Sequence Managed Switches (Set in firmware edition 3.3..16)
  • Small Small business 200 Series Intelligent Switches (Will not be patched)
  • Small Business 300 Series Managed Switches (Will not be patched)
  • Small Organization 500 Sequence Stackable Managed Switches (Will not be patched)

A transient description of just about every of the flaws is as follows –

  • CVE-2023-20159 (CVSS score: 9.8): Cisco Small Company Series Switches Stack Buffer Overflow Vulnerability
  • CVE-2023-20160 (CVSS rating: 9.8): Cisco Smaller Business enterprise Sequence Switches Unauthenticated BSS Buffer Overflow Vulnerability
  • CVE-2023-20161 (CVSS score: 9.8): Cisco Small Organization Collection Switches Unauthenticated Stack Buffer Overflow Vulnerability
  • CVE-2023-20189 (CVSS score: 9.8): Cisco Little Company Sequence Switches Unauthenticated Stack Buffer Overflow Vulnerability
  • CVE-2023-20024 (CVSS rating: 8.6): Cisco Little Enterprise Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
  • CVE-2023-20156 (CVSS rating: 8.6): Cisco Compact Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
  • CVE-2023-20157 (CVSS rating: 8.6): Cisco Tiny Company Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
  • CVE-2023-20158 (CVSS score: 8.6): Cisco Modest Organization Collection Switches Unauthenticated Denial-of-Service Vulnerability
  • CVE-2023-20162 (CVSS score: 7.5): Cisco Compact Organization Series Switches Unauthenticated Configuration Looking through Vulnerability

Thriving exploitation of the aforementioned bugs could permit an unauthenticated, distant attacker to execute arbitrary code with root privileges on an impacted gadget by sending a specifically crafted ask for via the web-dependent user interface.

Alternatively, they could also be abused to induce a DoS issue or browse unauthorized information and facts on vulnerable units by suggests of a malicious ask for.

Forthcoming WEBINARLearn to End Ransomware with Authentic-Time Security

Be a part of our webinar and study how to halt ransomware attacks in their tracks with real-time MFA and provider account defense.

Preserve My Seat!

Cisco reported it does not plan to launch firmware updates for Small Business 200 Collection Intelligent Switches, Little Business enterprise 300 Sequence Managed Switches, Small Small business 500 Sequence Stackable Managed Switches as they have entered the conclude-of-life approach.

The networking gear major also reported it’s conscious of the availability of a proof-of-idea (PoC) exploit code, but pointed out that it did not observe any evidence of malicious exploitation in the wild.

With Cisco devices becoming a lucrative attack vector for danger actors, users are advisable to shift speedily to use the patches to mitigate possible threats.

Located this article exciting? Adhere to us on Twitter  and LinkedIn to browse far more distinctive content we post.


Some pieces of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Social Engineering Risks Found in Microsoft Teams
Next Post: Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions apple thwarts $2 billion in app store fraud, rejects 1.7»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.