Cisco has released security updates to fix multiple vulnerabilities affecting certain Cisco Small Business Series Switches. Of the 9 vulnerabilities described in the official advisory, 4 are classified as Critical with a CVSS score of 9.8 (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189).

A proof-of-concept is available for the described vulnerabilities; however, the Cisco PSIRT Team is not aware of any malicious use of them as of writing.

_____________________________

A. List of Affected Cisco Products

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Business 250 Series Smart Switches
  • Business 350 Series Managed Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches

_____________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Kindly review and apply the necessary updates to mitigate future threats.
  • For additional information, kindly refer to the official report:
    • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv