Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service condition.
Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system, making them critical in nature.
The nine flaws affect the following product lines -.
Successful exploitation of the aforementioned bugs could permit an unauthenticated, remote attacker to execute arbitrary code with root privileges on an affected device by sending a specially crafted request through the web-based user interface.
Cisco said it does not plan to release firmware updates for Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, and Small Business 500 Series Stackable Managed Switches, as they have entered the end-of-life process.
With Cisco devices becoming a lucrative attack vector for threat actors, users are advised to move quickly to apply the patches to mitigate potential threats.
News URL
https://thehackernews.com/2023/05/critical-flaws-in-cisco-small-business.html