Cisco fixes critical flaws in Small Business Series Switches

Nine vulnerabilities - 4 of them critical - have been found in a variety of Cisco Small Business Series Switches.
The remaining five vulnerabilities are high-risk, and allow attackers either to trigger denial of service or read unauthorized information on an affected device.
All nine vulnerabilities have been reported by an anonymous external researcher, and it's likely that the PoCs have also been privately shared by the same individual.
"The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability," Cisco noted in the security advisory.
"A software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities."
Cisco has released software updates to fix these vulnerabilities, but not for devices that have entered the end-of-life process: 200, 300 and 500 Series Small Business Switches.
News URL
https://www.helpnetsecurity.com/2023/05/18/cisco-small-business-switches-critical-flaws/