Security News > 2020 > January > Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches.
"An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device," Cisco wrote.
A weakness in Cisco's web user interface for its small business switches is also to blame for the information disclosure bug.
"The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device," Cisco wrote.
Researcher Ken Pyle of DFDR Consulting is credited by Cisco for reporting both vulnerabilities.
News URL
https://threatpost.com/cisco-patches-high-severity-bugs-in-switch-lineup/152392/