Pierluigi Paganini May 18, 2023

Cisco fixed nine flaws in its Small Business Series Switches that could be exploited to execute arbitrary code or cause a DoS condition.

Cisco has released security updates to address nine security vulnerabilities in the web-based user interface of certain Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to execute arbitrary code with root privileges or trigger a denial-of-service (DoS) condition.

“Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.” reads the advisory published by Cisco. “These vulnerabilities are due to improper validation of requests that are sent to the web interface.”

There are no workarounds to address these vulnerabilities. These vulnerabilities impact the following Cisco Small Business Switches:

• 250 Series Smart Switches
• 350 Series Managed Switches
• 350X Series Stackable Managed Switches
• 550X Series Stackable Managed Switches
• Business 250 Series Smart Switches
• Business 350 Series Managed Switches
• Small Business 200 Series Smart Switches
• Small Business 300 Series Managed Switches
• Small Business 500 Series Stackable Managed Switches

The IT giant confirmed that these vulnerabilities do not impact the following Cisco products:

• 220 Series Smart Switches
• Business 220 Series Smart Switches

The vulnerabilities are not dependent on one another, this means the exploitation of one of them is not required to exploit another flaw.

A brief description of each of the flaws is as follows –

• CVE-2023-20159 (CVSS score: 9.8): Small Business Series Switches Stack Buffer Overflow Vulnerability
• CVE-2023-20160 (CVSS score: 9.8): Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability
• CVE-2023-20161 (CVSS score: 9.8): Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability
• CVE-2023-20189 (CVSS score: 9.8): Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability
• CVE-2023-20024 (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
• CVE-2023-20156 (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
• CVE-2023-20157 (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
• CVE-2023-20158 (CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Denial-of-Service Vulnerability
• CVE-2023-20162 (CVSS score: 7.5): Cisco Small Business Series Switches Unauthenticated Configuration Reading Vulnerability

An attacker could exploit these vulnerabilities by sending a crafted request through the web-based user interface.

The vendor states that it will not release firmware updates to address the above vulnerabilities in EoL products Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, and Small Business 500 Series Stackable Managed Switches:

• End-of-Sale and End-of-Life Announcement for the Cisco Small Business 200 Series Smart Switches
• End-of-Sale and End-of-Life Announcement for the Cisco Small Business 300 Series Managed Switches
• End-of-Sale and End-of-Life Announcement for the Small Business 500 Series Stackable Managed Switches

The company Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the above vulnerabilities. The PSIRT is not aware of attacks in the wild exploiting these vulnerabilities.

With Cisco devices becoming a lucrative attack vector for threat actors, users are recommended to move quickly to apply the patches to mitigate potential threats.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, switch)