Cisco Security Updates – 18 May 2023

Cisco released security updates to address several vulnerabilities affecting multiple Cisco products.

The addressed vulnerabilities could allow an attacker to execute arbitrary code, gain access, bypass security restrictions, escalate privileges, obtain sensitive information, or cause a denial of service on the affected systems.

Sample of the addressed vulnerabilities:

Cisco Small Business Series Switches Buffer Overflow (CVE-2023-20159):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

Sample of the affected products:

  • 250 Series Smart Switches, 350 Series Managed Switches.
  • Catalyst (3600, 3800, 9200, 9300, 9400, 9500, 9600) Series Switches.
  • Cisco Smart Software Manager On-Prem (7, 8).
  • Cisco Identity Services Engine (2.7, 3.0, 3.1, 3.2).

Note that Cisco has announced that Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, and Small Business 500 Series Stackable Managed Switches adapters have entered the end-of-life process, and that it will not release firmware updates to address this vulnerability on them.

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.
