Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches

Cisco has released a patch to address nine vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. On successful exploitation, the vulnerabilities could enable an attacker to cause a denial of service (DoS) condition or perform arbitrary code execution on an affected device.

Vulnerabilities CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 are rated as critical with a CVSS Base Score of 9.8.

In the advisory, Cisco mentioned that they are aware of the availability of the proof-of-concept exploits code for the vulnerabilities.

Description

CVE-2023-20159: Cisco Small Business Series Switches Stack Buffer Overflow Vulnerability

The vulnerability is caused by the improper validation of requests sent to the web interface. An unauthenticated, remote attacker may exploit this vulnerability by sending a specially crafted request through the web-based user interface. A successful exploit may allow an attacker to perform arbitrary code execution with root privileges on an affected device.

CVE-2023-20160: Cisco Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability

The cause of the vulnerability is improper validation of requests sent to the web interface. An unauthenticated, remote attacker may exploit this vulnerability by sending a specially crafted request through the web-based user interface. A successful exploit may allow an attacker to perform arbitrary code execution with root privileges on an affected device. 

CVE-2023-20161 and CVE-2023-20189: Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability

The reason behind this vulnerability is improper request validation sent to the web interface. An unauthenticated, remote attacker might use the web-based user interface to send a specially crafted request and exploit this vulnerability. A successful exploit may allow the attacker to execute arbitrary code on the target device as root.

CVE-2023-20024, CVE-2023-20156, and CVE-2023-20157: Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability

The vulnerability originates from improper validation of requests sent to the web interface. An unauthenticated, remote attacker may exploit this vulnerability by sending a specially crafted request through the web-based user interface. A successful exploit could allow the attacker to cause a Denial of Service condition on an affected device.

CVE-2023-20158: Cisco Small Business Series Switches Unauthenticated Denial-of-Service Vulnerability

This vulnerability results from improper request validation sent to the web interface. An unauthenticated, remote attacker might use the web-based user interface to send a specially crafted request and exploit this vulnerability. Successful exploitation could allow the attacker to cause a Denial of Service condition on an affected device on successful exploitation.

CVE-2023-20162: Cisco Small Business Series Switches Unauthenticated Configuration Reading Vulnerability

This vulnerability results from improper request validation sent to the web interface. An unauthenticated, remote attacker might use the web-based interface to send a specially crafted request and exploit this vulnerability. A successful exploit could allow the attacker to read unauthorized data from a vulnerable device.

Affected Versions

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • Business 250 Series Smart Switches
  • Business 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches

Mitigation

Cisco has released an update to address the vulnerabilities.

Cisco 200, 300, and 500 Series Small Business Switches have already entered the end-of-life process; therefore, Cisco will not release firmware updates to patch the vulnerabilities.

Customers can refer to the Cisco Security Advisory (cisco-sa-sg-web-multi-S9g4Nkgv) for information about the vulnerabilities.

Qualys Detection

Qualys customers can scan their devices with QIDs 317323 and 317324 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv

Leave a Reply

Your email address will not be published. Required fields are marked *