Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities

Cisco has released patches for critical vulnerabilities in small business switches for which public proof-of-concept (PoC) code exists.

Cisco this week announced patches for critical-severity vulnerabilities in multiple small business switches and warned that proof-of-concept (PoC) code that targets them exists publicly.

Identified in the web-based user interface of the impacted switches, the flaws can be exploited remotely, without authentication, to execute arbitrary code with root privileges.

The root cause of these issues, Cisco notes in an advisory, is the improper validation of requests sent to the web interface. The bugs can be exploited by sending crafted requests through the web-based user interface.

According to Cisco, these vulnerabilities are not dependent on one another, meaning that any of them can be exploited without having to exploit the others.

Tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189, the vulnerabilities have a CVSS score of 9.8.

Cisco has released software updates to address all four, along with five other high-severity flaws that can also be exploited by unauthenticated, remote attackers via crafted requests. Four of them could lead to a denial-of-service (DoS) condition, while the fifth allows attackers to read unauthorized information.

The flaws were addressed with the release of firmware version 2.5.9.16 for 250 series smart switches, 350 series managed switches, and 350X and 550X series stackable managed switches, and with firmware version 3.3.0.16 for business 250 series smart switches and business 350 series managed switches.

Small business 200 series smart switches, small business 300 series managed switches, and small business 500 series stackable managed switches are also impacted, but Cisco does not plan to update these devices, as they have entered the end-of-life (EoL) process.
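The fixed firmware versions and the end-of-life families above are the facts a defender actually needs when walking a switch inventory. The helper below is an added example, not code from the article or from Cisco: it parses firmware strings into numeric tuples (so "2.5.9.16" compares correctly against "2.5.9.9", which a plain string comparison would get wrong), maps each product family to the fixed release the article names, and flags the EoL families that will never receive a fix. The family labels used as dictionary keys and the inventory records are constructed for the example and are not Cisco's naming or real devices.

```python
"""Triage helper: does a Cisco small business switch's running firmware
include the fixes described above?

Fixed versions come from the article: 2.5.9.16 (250/350/350X/550X series)
and 3.3.0.16 (Business 250/350 series). The 200/300/500 series are EoL and
receive no fix. The family labels used as keys and the inventory records
are constructed for this example, not Cisco's naming or real devices.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Fixed firmware per product family, as stated in the article.
FIXED_VERSIONS = {
    "250": "2.5.9.16",
    "350": "2.5.9.16",
    "350X": "2.5.9.16",
    "550X": "2.5.9.16",
    "Business 250": "3.3.0.16",
    "Business 350": "3.3.0.16",
}

# Families that are affected but will not be updated (end-of-life).
EOL_FAMILIES = {"200", "300", "500"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.5.9.16' into (2, 5, 9, 16) so versions compare numerically.

    Comparing the raw strings would rank '2.5.9.9' above '2.5.9.16'.
    A malformed string raises rather than silently comparing as patched.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def assess(family: str, running: str) -> str:
    """Classify one device as 'patched', 'vulnerable', 'eol-no-fix' or
    'unknown-family' (a family this table says nothing about)."""
    if family in EOL_FAMILIES:
        return "eol-no-fix"
    fixed = FIXED_VERSIONS.get(family)
    if fixed is None:
        return "unknown-family"
    if parse_version(running) >= parse_version(fixed):
        return "patched"
    return "vulnerable"


@dataclass
class SwitchRecord:
    hostname: str
    family: str
    firmware: str


# Constructed inventory for demonstration; hostnames, families and firmware
# strings are invented sample data.
INVENTORY = [
    SwitchRecord("sw-floor1", "350", "2.5.9.16"),
    SwitchRecord("sw-floor2", "350", "2.5.9.9"),
    SwitchRecord("sw-lab", "Business 250", "3.3.0.15"),
    SwitchRecord("sw-legacy", "300", "1.4.11.5"),
    SwitchRecord("sw-core", "Catalyst 9300", "17.9.4"),
]


def triage(records: Iterable[SwitchRecord]) -> Dict[str, str]:
    """Map hostname -> status so callers can filter for remediation
    (upgrade the 'vulnerable' ones, replace or isolate the 'eol-no-fix' ones)."""
    return {r.hostname: assess(r.family, r.firmware) for r in records}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

The "eol-no-fix" outcome is deliberately distinct from "vulnerable": those devices cannot be brought to a fixed release, so the remediation is to restrict or disable the web-based management interface, or to replace the hardware, rather than to schedule an upgrade.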

The tech giant also notes that PoC code targeting these vulnerabilities is already available, but that it is not aware of malicious attacks targeting them.

This week, Cisco also announced patches for multiple medium-severity bugs in IOS XE ROM Monitor (ROMMON) software, Smart Software Manager (SSM) On-Prem, Identity Services Engine (ISE), DNA Center software, and Business Wireless Access Points (APs).

Additional information on the addressed vulnerabilities can be found on the Cisco security advisories page.

Related: Cisco Warns of Critical Vulnerability in EoL Phone Adapters

Related: Cisco Working on Patch for Vulnerability Reported by NATO Pentester

Related: Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
