Saturday, November 2, 2024
HomeCiscoCisco Small Business Switches Vulnerabilities allows Attackers to Access Sensitive Information and...

Cisco Small Business Switches Vulnerabilities allows Attackers to Access Sensitive Information and Cause DoS

Published on

Malware protection

Cisco published a security advisory that fixes multiple vulnerabilities with Cisco Small Business Switches.

The vulnerabilities allow an unauthenticated remote attacker to access sensitive information with the devices and cause DoS conditions.

CVE-2019-15993 – Information Disclosure Vulnerability

The vulnerability is due to a lack of security validation with authentication controls for accessing the web UI.

- Advertisement - SIEM as a Service

An attacker could exploit the vulnerability to send a malicious HTTP request to the malicious web UI, by exploiting the vulnerability attacker can access device information such as configuration files.

Vulnerable Products

This vulnerability affects the following Cisco products if they are running a firmware release earlier than 2.5.0.92:

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches

This vulnerability affects the following Cisco products if they are running a firmware release earlier than 1.4.11.4:

  • 200 Series Smart Switches
  • 300 Series Managed Switches
  • 500 Series Stackable Managed Switches

Now Cisco fixed released security updates to fix the vulnerability and they confirmed there is the malicious use of the vulnerability.

CVE-2020-3147 – DoS

The vulnerability allows an unauthenticated remote attacker to cause DoS condition on the affected device. the vulnerability is due to a lack of validation requests on the web UI.

It can be exploited by sending a malicious request, successful exploitation results in unexpected reload of the device that causes DoS condition, reads advisory.

Vulnerable Products

This vulnerability affects the following Cisco products if they are running a firmware release earlier than 1.3.7.18:

  • 200 Series Smart Switches
  • 300 Series Managed Switches
  • 500 Series Stackable Managed Switches
  • Products Confirmed Not Vulnerable
  • Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches

Cisco released updates to fix the vulnerability and they confirmed and they confirmed there is no malicious use of the vulnerability.

Cisco recently fixed a bug with Cisco Webex that allows an Unauthenticated Remote Attackers to Join Private Meetings Without Password

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to...

SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows

Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM...

Vulnerabilities in Realtek SD Card Reader Driver Impacts Dell, Lenovo, & Others Laptops

Multiple vulnerabilities have been discovered in the Realtek SD card reader driver, RtsPer.sys, affecting...