Overview of Cisco Critical Switch Bugs
A recent Cisco security advisory warns customers of four new bugs affecting multiple Small Business Series Switches. These vulnerabilities can perform critical remote code execution with public exploit code. Additionally, all four vulnerabilities have CVSS base scores of 9.8 out of 10, making them critical. The successful exploitation of these vulnerabilities allows unauthenticated attackers to execute arbitrary code with root privileges on the compromised device.
Details on Cisco Critical Switch Bugs
Tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189, all are caused by improper validation of requests sent to the targeted switches’ web interface. An attacker can exploit these vulnerabilities through maliciously created requests sent through the victim’s devices’ web-based user interfaces. These are low-complexity attacks that don’t require the user’s interaction.
While there are no workarounds to address these vulnerabilities, Cisco has released free software updates for them.
Cisco explained that the vulnerabilities are not dependent on one another. In other words, the exploitation of one of the vulnerabilities is not required to exploit the other. Also, a software release affected by one of the vulnerabilities may not be affected by the others.
Cisco Small Business Switches Affected by Critical Bug
- 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, and 550X Series Stackable Managed Switches (fixed in firmware version 2.5.9.16)
- Business 250 Series Smart Switches and Business 350 Series Managed Switches (fixed in firmware version 3.3.0.16)
- Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches (no patch available at the moment)
For the last bullet above, no patch is available for the affected devices since these have all entered the end-of-life process.
Cisco’s Product Security Incident Response Team revealed proof-of-concept exploit code is available for the security vulnerabilities. Consequently, it could lead to active exploitation if a threat actor were motivated enough to create their own and target the vulnerable devices.
Cisco Products Confirmed Not Vulnerable
- 220 Series Smart Switches
- Business 220 Series Smart Switches
The Importance of Patching Device Vulnerabilities
Staying on top of vulnerabilities and patches for all devices in your organization is crucial. After all, ignoring this can lead to security breaches with dire consequences for individuals and the company. Hackers are constantly finding new ways to exploit weaknesses in technology, so it’s important to stay informed and protect your devices. By and large, regularly updating and patching devices significantly reduces the risk of a security breach and keeps your data safe. For this reason, we encourage you to be proactive and vigilant about device security to ensure a safer digital world.
If you struggle to keep up with the latest vulnerabilities and patches for devices in your organization, consider partnering with a managed security service provider (MSSP) like M.A. Polce. Partnering with an MSSP can take the burden off your shoulders and ensure your devices are always up-to-date and secure. Our experts stay informed on the latest security threats and have the tools to patch any vulnerabilities quickly. Being proactive about device security can help create a safer digital world. Contact M.A. Polce today to learn more about how they can assist with your patch management needs.
Sources
https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-switch-bugs-with-public-exploit-code/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv – Cisco’s Update
https://www.cisco.com/c/en/us/products/collateral/switches/small-business-smart-switches/eos-eol-notice-c51-740541.html – Cisco’s End of Life Release