CVE-2023-20159

Published: 18/05/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Vulnerable Product

cisco business_250-16p-2g_firmware -

cisco business_250-16t-2g_firmware -

cisco business_250-24fp-4g_firmware -

cisco business_250-24fp-4x_firmware -

cisco business_250-24p-4g_firmware -

cisco business_250-24p-4x_firmware -

cisco business_250-24pp-4g_firmware -

cisco business_250-24t-4g_firmware -

cisco business_250-24t-4x_firmware -

cisco business_250-48p-4g_firmware -

cisco business_250-48p-4x_firmware -

cisco business_250-48pp-4g_firmware -

cisco business_250-48t-4g_firmware -

cisco business_250-48t-4x_firmware -

cisco business_250-8fp-e-2g_firmware -

cisco business_250-8p-e-2g_firmware -

cisco business_250-8pp-d_firmware -

cisco business_250-8pp-e-2g_firmware -

cisco business_250-8t-d_firmware -

cisco business_250-8t-e-2g_firmware -

cisco business_350-12np-4x_firmware -

cisco business_350-12xs_firmware -

cisco business_350-12xt_firmware -

cisco business_350-16fp-2g_firmware -

cisco business_350-16p-2g_firmware -

cisco business_350-16p-e-2g_firmware -

cisco business_350-16t-2g_firmware -

cisco business_350-16t-e-2g_firmware -

cisco business_350-16xts_firmware -

cisco business_350-24fp-4g_firmware -

cisco business_350-24fp-4x_firmware -

cisco business_350-24mgp-4x_firmware -

cisco business_350-24ngp-4x_firmware -

cisco business_350-24p-4g_firmware -

cisco business_350-24p-4x_firmware -

cisco business_350-24s-4g_firmware -

cisco business_350-24t-4g_firmware -

cisco business_350-24t-4x_firmware -

cisco business_350-24xs_firmware -

cisco business_350-24xt_firmware -

cisco business_350-24xts_firmware -

cisco business_350-48fp-4g_firmware -

cisco business_350-48fp-4x_firmware -

cisco business_350-48ngp-4x_firmware -

cisco business_350-48p-4g_firmware -

cisco business_350-48p-4x_firmware -

cisco business_350-48t-4g_firmware -

cisco business_350-48t-4x_firmware -

cisco business_350-48xt-4x_firmware -

cisco business_350-8fp-2g_firmware -

cisco business_350-8fp-e-2g_firmware -

cisco business_350-8mgp-2x_firmware -

cisco business_350-8mp-2x_firmware -

cisco business_350-8p-2g_firmware -

cisco business_350-8p-e-2g_firmware -

cisco business_350-8s-e-2g_firmware -

cisco business_350-8t-e-2g_firmware -

cisco business_350-8xt_firmware -

cisco sf200-24_firmware -

cisco sf200-24fp_firmware -

cisco sf200-24p_firmware -

cisco sf200-48_firmware -

cisco sf200-48p_firmware -

cisco sf200e-24_firmware -

cisco sf200e-24p_firmware -

cisco sf200e-48_firmware -

cisco sf200e-48p_firmware -

cisco sf200e48p_firmware -

cisco sf250-08_firmware -

cisco sf250-08hp_firmware -

cisco sf250-10p_firmware -

cisco sf250-18_firmware -

cisco sf250-24_firmware -

cisco sf250-24p_firmware -

cisco sf250-26_firmware -

cisco sf250-26hp_firmware -

cisco sf250-26p_firmware -

cisco sf250-48_firmware -

cisco sf250-48hp_firmware -

cisco sf250-50_firmware -

cisco sf250-50hp_firmware -

cisco sf250-50p_firmware -

cisco sf250x-24_firmware -

cisco sf250x-24p_firmware -

cisco sf250x-48_firmware -

cisco sf250x-48p_firmware -

cisco sf300-08_firmware -

cisco sf300-24_firmware -

cisco sf300-24mp_firmware -

cisco sf300-24p_firmware -

cisco sf300-24pp_firmware -

cisco sf300-48_firmware -

cisco sf300-48p_firmware -

cisco sf300-48pp_firmware -

cisco sf302-08_firmware -

cisco sf302-08mpp_firmware -

cisco sf302-08pp_firmware -

cisco sf350-08_firmware -

cisco sf350-10_firmware -

cisco sf350-10mp_firmware -

cisco sf350-10p_firmware -

cisco sf350-10sfp_firmware -

cisco sf350-20_firmware -

cisco sf350-24_firmware -

cisco sf350-24mp_firmware -

cisco sf350-24p_firmware -

cisco sf350-28_firmware -

cisco sf350-28mp_firmware -

cisco sf350-28p_firmware -

cisco sf350-28sfp_firmware -

cisco sf350-48_firmware -

cisco sf350-48mp_firmware -

cisco sf350-48p_firmware -

cisco sf350-52_firmware -

cisco sf350-52mp_firmware -

cisco sf350-52p_firmware -

cisco sf350-8mp_firmware -

cisco sf350-8pd_firmware -

cisco sf352-08_firmware -

cisco sf352-08mp_firmware -

cisco sf352-08p_firmware -

cisco sf355-10p_firmware -

cisco sf500-18p_firmware -

cisco sf500-24_firmware -

cisco sf500-24mp_firmware -

cisco sf500-24p_firmware -

cisco sf500-48_firmware -

cisco sf500-48mp_firmware -

cisco sf500-48p_firmware -

cisco sf550x-24_firmware -

cisco sf550x-24mp_firmware -

cisco sf550x-24p_firmware -

cisco sf550x-48_firmware -

cisco sf550x-48mp_firmware -

cisco sf550x-48p_firmware -

cisco sg200-08_firmware -

cisco sg200-08p_firmware -

cisco sg200-10fp_firmware -

cisco sg200-18_firmware -

cisco sg200-26_firmware -

cisco sg200-26fp_firmware -

cisco sg200-26p_firmware -

cisco sg200-50_firmware -

cisco sg200-50fp_firmware -

cisco sg200-50p_firmware -

cisco sg250-08_firmware -

cisco sg250-08hp_firmware -

cisco sg250-10p_firmware -

cisco sg250-18_firmware -

cisco sg250-24_firmware -

cisco sg250-24p_firmware -

cisco sg250-26_firmware -

cisco sg250-26hp_firmware -

cisco sg250-26p_firmware -

cisco sg250-48_firmware -

cisco sg250-48hp_firmware -

cisco sg250-50_firmware -

cisco sg250-50hp_firmware -

cisco sg250-50p_firmware -

cisco sg250x-24_firmware -

cisco sg250x-24p_firmware -

cisco sg250x-48_firmware -

cisco sg250x-48p_firmware -

cisco sg300-10_firmware -

cisco sg300-10mp_firmware -

cisco sg300-10mpp_firmware -

cisco sg300-10p_firmware -

cisco sg300-10pp_firmware -

cisco sg300-10sfp_firmware -

cisco sg300-20_firmware -

cisco sg300-28_firmware -

cisco sg300-28mp_firmware -

cisco sg300-28p_firmware -

cisco sg300-28pp_firmware -

cisco sg300-28sfp_firmware -

cisco sg300-52_firmware -

cisco sg300-52mp_firmware -

cisco sg300-52p_firmware -

cisco sg350-10_firmware -

cisco sg350-10mp_firmware -

cisco sg350-10p_firmware -

cisco sg350-28_firmware -

cisco sg350-28mp_firmware -

cisco sg350-28p_firmware -

cisco sg350x-12pmv_firmware -

cisco sg350x-24_firmware -

cisco sg350x-24mp_firmware -

cisco sg350x-24p_firmware -

cisco sg350x-24pd_firmware -

cisco sg350x-24pv_firmware -

cisco sg350x-48_firmware -

cisco sg350x-48mp_firmware -

cisco sg350x-48p_firmware -

cisco sg350x-48pv_firmware -

cisco sg350x-8pmd_firmware -

cisco sg350xg-24f_firmware -

cisco sg350xg-24t_firmware -

cisco sg350xg-2f10_firmware -

cisco sg350xg-48t_firmware -

cisco sg355-10mp_firmware -

cisco sg355-10p_firmware -

cisco sg500-28_firmware -

cisco sg500-28mpp_firmware -

cisco sg500-28p_firmware -

cisco sg500-28pp_firmware -

cisco sg500-52p_firmware -

cisco sg500-52pp_firmware -

cisco sg500x-24_firmware -

cisco sg500x-24mpp_firmware -

cisco sg500x-24p_firmware -

cisco sg500x-48_firmware -

cisco sg500x-48mp_firmware -

cisco sg500x-48mpp_firmware -

cisco sg500x-48p_firmware -

cisco sg500x24mpp_firmware -

cisco sg500xg-8f8t_firmware -

cisco sg500xg8f8t_firmware -

cisco sg550x-24_firmware -

cisco sg550x-24mp_firmware -

cisco sg550x-24mpp_firmware -

cisco sg550x-24p_firmware -

cisco sg550x-48_firmware -

cisco sg550x-48mp_firmware -

cisco sg550x-48p_firmware -

cisco sg550x-48t_firmware -

cisco sg550xg-24f_firmware -

cisco sg550xg-24t_firmware -

cisco sg550xg-48t_firmware -

cisco sg550xg-8f8t_firmware -

Vendor Advisories

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to ...

Recent Articles

Cisco squashes critical bugs in small biz switches
The Register

You'll want to patch these as proof-of-concept exploit code is out there already

Cisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment. Specifically, the flaws in the web user interface can be used to run arbitrary code with root privileges. The networking giant this week said in an advisory that organizations with service contracts that include regular software updates should get fixes for the security holes through their usual update channels. Those ...