19 May, 2023

Cisco Warning!

Cisco today alerted customers to four critical remote code execution vulnerabilities affecting multiple Small Business Series Switches.

These vulnerabilities result from improper validation of requests sent to web interfaces of targeted keys. Attackers can exploit them with maliciously crafted requests through the web-based user interfaces of the targeted devices in low-complex attacks. Vulnerabilities have a near maximum severity rating based on CVSS base scores. Cisco stated that the vulnerabilities are not interdependent and one does not need the other to be used. Affected Cisco switches include 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, and 550X Series Stackable Managed Switches. Cisco stated that some devices will not receive software updates because they have reached the end of their useful life. In addition, Cisco's PSIRT explained that evidence of the attacks has not yet been found. Additionally, Cisco reported that it is working on a vulnerability in its Prime Collaboration Deployment (PCD) server management tool. A joint advisory issued by the US, UK and Cisco has warned that Russian military hackers are spreading malware on Cisco routers.

Source:

Cisco warns of critical switch bugs with public exploit code (bleepingcomputer.com)


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

 

About Content:
Cisco has reported four critical remote code execution vulnerabilities affecting multiple Small Business Series Switches. Details can be found in this content.
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram