Cisco has released security updates to fix multiple vulnerabilities affecting certain Cisco Small Business Series Switches. Out of the 9 vulnerabilities mentioned in the official advisory, 4 of them are classified as Critical with a CVSS score of 9.8 (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189).

The described vulnerabilities have a proof-of-concept accessible, however, the Cisco PSIRT Team is not aware of any malicious usage of them as of writing.


A. List of Affected Cisco Products

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Business 250 Series Smart Switches
  • Business 350 Series Managed Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches


B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Kindly review and apply the necessary updates to mitigate future threats.
  • For additional information, kindly refer to the official report