Skip to content

Critical flaws in Cisco switch can allow unauthorised remote access

  • by
  • 2 min read

Cisco has warned customers about a set of four critical remote code execution vulnerabilities that can let attackers execute arbitrary code with root privileges on compromised devices. The issue is caused by improper validation of requests sent to the targeted switches’ web interfaces and affects multiple Small Business Series switches. Affected devices include:

  • 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches and 550X Series Stackable Managed Switches (fixed in firmware version 2.5.9.16)
  • Business 250 Series Smart Switches and Business 350 Series Managed Switches (fixed in firmware version 3.3.0.16)
  • Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches (no patch available at the time of writing)

The 200, 300, and 500 series Small Business Switches are also affected by the vulnerabilities but won’t receive a firmware update, as per Cisco’s announcement. These devices have already entered their end-of-life process. 

In the News: South Korea’s Naver promises custom AI to foreign governments

This is an image of what is a router and how it works 112

As for the vulnerabilities themselves, they’re tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161 and CVE-2023-20189. All of these vulnerabilities have a CVSS score of 9.8/10 and a critical rating. Additionally, they’re not dependent on one another, meaning you can exploit one without exploiting another. 

The vulnerabilities are part of a larger vulnerability set. Five other vulnerabilities tracked as CVE-2023-20024 (CVSS score 8.6), CVE-2023-20156 (CVSS score 8.6), CVE-2023-20157 (CVSS score 8.6), CVE-2023-20158 (CVSS score 8.6) and CVE-2023-20162 (CVSS score 7.5) were also announced. 

They can be exploited by sending a specially crafted request through the web-based user interface. Additionally, they can also be abused to trigger a DoS condition or read unauthorised information on affected systems via a malicious request. 

The Cisco Product Security Incident Response Team (PSIRT) also revealed that proof-of-concept exploit is already available in the wild, meaning affected devices exposed to the internet are at risk. However, PSIRT has yet to find evidence that suggests active exploitation of these vulnerabilities. 

In the News: Lancefly hackers gathered intel from Asian Gov targets from 2022-23

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of cyber security hacked breach

Case study reveals Chinese hackers spent over 300 days in US electricity grid

This is an image of iphone with apple logo

Match Group, AIDF denied Apple’s confidential antitrust data

Photo: ascannio / shutterstock. Com

X’s outage can’t be traced by researchers and Musk alike

This is an image of malware featured security

DPRK’s KoSpy spyware targets SK, India, Russia, and Middle East

This is an image of honey featured 1

Google updates Chrome Extension policy after Honey scam

This is an image of apple featured 220923

Apple patches critical zero-day exploit targeting iPhones and iPads

>