CVE-2020-3147

Published: 30/01/2020 Updated: 01/02/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the malicious user to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior to 1.3.7.18.

Vulnerable Product

cisco sg200-50_firmware

cisco sg200-50p_firmware

cisco sg200-50fp_firmware

cisco sg200-26_firmware

cisco sg200-26p_firmware

cisco sg200-26fp_firmware

cisco sg200-18_firmware

cisco sg200-10fp_firmware

cisco sg200-08_firmware

cisco sg200-08p_firmware

cisco sg200-24_firmware

cisco sg200-24p_firmware

cisco sg200-24fp_firmware

cisco sg200-48_firmware

cisco sg200-48p_firmware

cisco sf302-08pp_firmware

cisco sf302-08mpp_firmware

cisco sg300-10pp_firmware

cisco sg300-10mpp_firmware

cisco sf300-24pp_firmware

cisco sf300-48pp_firmware

cisco sg300-28pp_firmware

cisco sf300-08_firmware

cisco sf300-48p_firmware

cisco sg300-10mp_firmware

cisco sg300-10p_firmware

cisco sg300-10_firmware

cisco sg300-28p_firmware

cisco sf300-24p_firmware

cisco sf302-08mp_firmware

cisco sg300-28_firmware

cisco sf300-48_firmware

cisco sg300-20_firmware

cisco sf302-08p_firmware

cisco sg300-52_firmware

cisco sf300-24_firmware

cisco sf302-08_firmware

cisco sf300-24mp_firmware

cisco sg300-10sfp_firmware

cisco sg300-28mp_firmware

cisco sg300-52p_firmware

cisco sg300-52mp_firmware

cisco sg500-28mpp_firmware

cisco sg500-52mp_firmware

cisco sg500xg-8f8t_firmware

cisco sf500-24_firmware

cisco sf500-24p_firmware

cisco sf500-48_firmware

cisco sf500-48p_firmware

cisco sg500-28_firmware

cisco sg500-28p_firmware

cisco sg500-52_firmware

cisco sg500-52p_firmware

cisco sg500x-24_firmware

cisco sg500x-24p_firmware

cisco sg500x-48_firmware

cisco sg500x-48p_firmware

Vendor Advisories

[CVE-2020-3147_su] A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malic ...

Recent Articles

Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
Threatpost • Tom Spring • 30 Jan 2020

Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. The flaws allow remote unauthenticated adversaries to access sensitive information and level denial-of-service (DoS) attacks against affected gear.
Impacted are Series Smart Switches, Series Managed Switches and Series Stackable Managed Switches. Cisco said it was unaware of active exploitation of the vulnerabilities and software updates remedia...