Network Alerts

Cisco Small Business Switch Vulnerabilities

Posted by Matt Weber - May 19, 2023 - Vulnerability, Cisco

About the Alert

Cisco has announced multiple vulnerabilities in its Cisco Small Business Switch Series, three of which are flagged as critical. The disclosed vulnerabilities could allow a remote attacker to perform a denial-of-service attack or run arbitrary commands as the root user. Specifics of the vulnerabilities can be found here, and below is a brief description of the critical items:

CVE-2023-20159: Cisco Small Business Series Switches Stack Buffer Overflow Vulnerability

CVE-2023-20160: Cisco Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability

CVE-2023-20189: Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability

Key Takeaways:

  • Three of the multiple vulnerabilities are rated critical
  • Vulnerabilities affect Cisco Small Business Series Switches
  • No workarounds address the vulnerabilities; a software update is required

Mitigating The Vulnerabilities

It is recommended to upgrade software on affected Cisco Small Business Switches. This is only applicable to those devices that are not end-of-life and have an active Cisco support contract. 

If you have Cisco Small Business Switches in your environment and would like assistance with assessing exposure or determining the best go-forward plan, please reach out to your SymQuest Account Executive.
