Security News > 2023 > May > Cisco fixes critical flaws in Small Business Series Switches
Nine vulnerabilities - 4 of them critical - have been found in a variety of Cisco Small Business Series Switches.
The remaining five vulnerabilities are high-risk, and allow attackers either to trigger denial of service or read unauthorized information on an affected device.
All nine vulnerabilities have been reported by an anonymous external researcher, and it's likely that the PoCs have also been privately shared by the same individual.
"The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability," Cisco noted in the security advisory.
A software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities."
Cisco has released software updates to fix these vulnerabilities, but not for devices that have entered the end-of-life process: 200, 300 and 500 Series Small Business Switches.
News URL
https://www.helpnetsecurity.com/2023/05/18/cisco-small-business-switches-critical-flaws/
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)