Cisco Small Business Switches Vulnerabilities Cause Disclosure & DoS

Cisco published a security advisory that fixes multiple vulnerabilities with Cisco Small Business Switches.

The vulnerabilities allow an unauthenticated remote attacker to access sensitive information with the devices and cause DoS conditions.

CVE-2019-15993 – Information Disclosure Vulnerability

The vulnerability is due to a lack of security validation with authentication controls for accessing the web UI.

- Advertisement -

An attacker could exploit the vulnerability to send a malicious HTTP request to the malicious web UI, by exploiting the vulnerability attacker can access device information such as configuration files.

Vulnerable Products

This vulnerability affects the following Cisco products if they are running a firmware release earlier than 2.5.0.92:

250 Series Smart Switches
350 Series Managed Switches
350X Series Stackable Managed Switches
550X Series Stackable Managed Switches

This vulnerability affects the following Cisco products if they are running a firmware release earlier than 1.4.11.4:

200 Series Smart Switches
300 Series Managed Switches
500 Series Stackable Managed Switches

Now Cisco fixed released security updates to fix the vulnerability and they confirmed there is the malicious use of the vulnerability.

CVE-2020-3147 – DoS

The vulnerability allows an unauthenticated remote attacker to cause DoS condition on the affected device. the vulnerability is due to a lack of validation requests on the web UI.

It can be exploited by sending a malicious request, successful exploitation results in unexpected reload of the device that causes DoS condition, reads advisory.

Vulnerable Products

This vulnerability affects the following Cisco products if they are running a firmware release earlier than 1.3.7.18:

200 Series Smart Switches
300 Series Managed Switches
500 Series Stackable Managed Switches
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

250 Series Smart Switches
350 Series Managed Switches
350X Series Stackable Managed Switches
550X Series Stackable Managed Switches

Cisco released updates to fix the vulnerability and they confirmed and they confirmed there is no malicious use of the vulnerability.

Cisco recently fixed a bug with Cisco Webex that allows an Unauthenticated Remote Attackers to Join Private Meetings Without Password

Cisco Small Business Switches Vulnerabilities allows Attackers to Access Sensitive Information and Cause DoS

Defend malware Attacks

CVE-2019-15993 – Information Disclosure Vulnerability

Vulnerable Products

CVE-2020-3147 – DoS

Vulnerable Products

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Free Webinar

Protect Websites & APIs from Malware Attack

Discussion points

More like this

A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack

Okta Verify Agent for Windows Flaw Let Attackers Steal User Passwords

MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2024