Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The issues are all located in the web-based management interface of the devices and can be exploited without authentication. While the company didn't disclose which specific parts of the web interface the flaws are located in, it noted in its advisory that the vulnerabilities are not dependent on one another and can be exploited independently.
Because the flaws can be exploited without authentication, we can infer that they're probably located in functionality that doesn't require authentication or for which the authentication mechanism can be bypassed. The former seems more likely since none of the flaws are described as an authentication bypass. While Cisco is not yet aware of any malicious exploitation of these flaws, the company noted that proof-of-concept exploit code is already publicly available for these vulnerabilities.
Attackers do need to have access to the web management interface, which can be achieved directly in cases where the management interface is exposed to the internet, or indirectly by first gaining a foothold on an internal network where a vulnerable switch is used.
Cisco vulnerabilities could allow full system compromise, denial of service, data leakage
Four of the flaws are described as buffer overflows and can be exploited to achieve arbitrary code execution with root (administrative) privileges. This usually results in a complete compromise of the system.
These four flaws are tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189. All are rated 9.8 out of 10 on the CVSS severity scale. Another four flaws are also described as buffer overflow conditions but can only lead to a denial-of-service condition against vulnerable devices when processing maliciously crafted requests. These flaws are tracked as CVE-2023-20156, CVE-2023-20024, CVE-2023-20157, and CVE-2023-20158 and are rated 8.6 in severity.
The last flaw is described as a configuration reading error and can result in attackers reading unauthorized information from an affected system without authentication. The flaw, tracked as CVE-2023-20162, is rated 7.5 in severity (High).
Upgrade to latest Cisco firmware
The vulnerabilities impact version 2.5.9.15 and earlier of the Cisco firmware for 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches and 550X Series Stackable Managed Switches, as well as version 3.3.0.15 and earlier of the firmware for Business 250 Series Smart Switches and Business 350 Series Managed Switches. Cisco released patched firmware versions 2.5.9.16 and 3.3.0.16, respectively.
The Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches and Small Business 500 Series Stackable Managed Switches are also affected, but will not receive firmware updates because they've reached end-of-life.
The company notes that not all affected firmware versions are impacted by all the vulnerabilities, which suggests some flaws might be version-specific. Nevertheless, customers should upgrade to the latest firmware version as soon as possible as there are no known workarounds and attackers have taken an interest in Cisco devices before.
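One way to turn the version thresholds above into an inventory check, as an added example that is not from Cisco or the original article. The family labels, hostnames and inventory rows are constructed, and because not every affected release is hit by every flaw, "upgrade" only means the running release is below the first patched one.

```python
# Added example: triage switches against the firmware thresholds in the article.
# First fixed release per product family (family labels are this example's own).
FIXED = {
    "250": "2.5.9.16", "350": "2.5.9.16", "350X": "2.5.9.16", "550X": "2.5.9.16",
    "Business 250": "3.3.0.16", "Business 350": "3.3.0.16",
}
# Affected but end-of-life: no patched firmware will be released.
EOL = {"Small Business 200", "Small Business 300", "Small Business 500"}

# Constructed sample inventory: (hostname, family, running firmware).
INVENTORY = [
    ("sw-lobby", "350X", "2.5.9.15"),
    ("sw-core", "550X", "2.5.9.16"),
    ("sw-lab", "Business 250", "3.3.0.9"),
    ("sw-attic", "Small Business 300", "1.0.0.0"),
    ("sw-mystery", "Business 350", "n/a"),
]


def parse_version(text):
    """Turn '2.5.9.15' into (2, 5, 9, 15) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(family, firmware):
    """Classify one device as 'eol-no-fix', 'upgrade', 'patched' or 'unknown'."""
    if family in EOL:
        return "eol-no-fix"  # affected whatever the version; no fix is coming
    if family not in FIXED:
        return "unknown"  # family not covered by the article
    try:
        running = parse_version(firmware)
    except ValueError:
        return "unknown"  # never treat an unreadable version as patched
    return "patched" if running >= parse_version(FIXED[family]) else "upgrade"


def report(inventory):
    """Group hostnames by triage status."""
    grouped = {}
    for host, family, firmware in inventory:
        grouped.setdefault(triage(family, firmware), []).append(host)
    return grouped


if __name__ == "__main__":
    for status, hosts in sorted(report(INVENTORY).items()):
        print(f"{status:<11} {', '.join(hosts)}")
```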
Copyright © 2023 IDG Communications, Inc.