Security News > 2020 > July > Cisco Patches Vulnerabilities in Small Business Routers, Switches
Cisco on Wednesday announced that it has patched several vulnerabilities affecting its products, including flaws in Small Business routers and switches.
Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity.
This security hole affects some Small Business and managed switches and it allows a remote, unauthenticated attacker to access a device's management interface by hijacking a legitimate user's session.
Cisco also informed customers that it has patched a medium-severity cross-site scripting vulnerability in its Small Business RV042 and RV042G routers.
The remaining vulnerabilities for which Cisco published advisories this week are medium-severity issues affecting the Identity Services Engine, Digital Network Architecture Center, Unified Customer Voice Portal, Unified Communications Manager, and the AnyConnect Secure Mobility Client for macOS. These security holes can be exploited for DoS and XSS attacks, and to obtain potentially sensitive information.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-02 | CVE-2020-3297 | Improper Authentication vulnerability in Cisco products A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. | 9.8 |