Cisco has announced multiple vulnerabilities for their Cisco Small Business Switch Series, three of which are flagged as critical. The disclosed vulnerabilities could allow a remote attacker to perform a denial of service attack or run arbitrary commands as the root user. Specifics of the vulnerabilities can be found here, and below is a brief description of critical items:
CVE-2023-20159: Cisco Small Business Series Switches Stack Buffer Overflow Vulnerability
CVE-2023-20160: Cisco Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability
CVE-2023-20189: Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability