Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
CVE-2023-20156

8.6HIGH

Key Information:

Vendor
Cisco
Status
Cisco Small Business Smart And Managed Switches
Vendor
CVE Published:
18 May 2023

Badges

👾 Exploit Exists

Summary

Certain Cisco Small Business Series Switches have multiple vulnerabilities in their web-based user interface, allowing unauthenticated remote attackers to exploit these flaws. By sending specially crafted requests to the web interface, an adversary could cause a denial of service condition or execute arbitrary code with root permissions on affected devices. The root cause of these vulnerabilities lies in the improper validation of input requests, making it crucial for users to apply the recommended updates and mitigations to safeguard their devices.

Affected Version(s)

Cisco Small Business Smart and Managed Switches

References

https://sec.cloudapps.cisco.com/security/center/content/C...
vendor-advisory

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.