Security News > 2020 > January > Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup

Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
2020-01-30 17:38

Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches.

"An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device," Cisco wrote.

A weakness in Cisco's web user interface for its small business switches is also to blame for the information disclosure bug.

"The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device," Cisco wrote.

Researcher Ken Pyle of DFDR Consulting is credited by Cisco for reporting both vulnerabilities.


News URL

https://threatpost.com/cisco-patches-high-severity-bugs-in-switch-lineup/152392/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751