Cisco Warns of Critical Switch Bugs With Public Exploit Code
Cyber Security Threat Summary:
Yesterday, Cisco published an advisory, warning customers of four critical remote code execution vulnerabilities (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189) impacting several of its Small Business Series Switches. The four flaws received a CVSS score of 9.8 out of 10 and are due to an improper validation of requests sent to the targeted switches’ web interfaces. A successful exploit of the issues could enable unauthenticated actors to execute arbitrary code with root privileges on targeted devices.
The flaws impact the following Cisco switches:
Security Officer Comments:
Cisco noted that a proof-of-concept exploit code is available for the vulnerabilities, which could be leveraged by threat actors to create custom exploits. Although the vendor has yet to find evidence of active exploitations in the wild, the release of a POC will soon ensue a series of attacks targeting unpatched devices.
Suggested Correction(s):
(Cisco) Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
Note: the 200, 300, and 500 Series Small Business Switches firmware will not be patched because these devices have already entered the end-of-life process.
Link(s):
https://www.bleepingcomputer.com/ https://sec.cloudapps.cisco.com/