Cisco Issues Warning for Critical Switch Vulnerabilities with Public Exploit Code

May 17, 2023

Cisco has issued a warning to customers regarding four critical remote code execution vulnerabilities that have public exploit code, impacting multiple Small Business Series Switches. These security flaws have received near-maximum severity ratings, with Common Vulnerability Scoring System (CVSS) base scores of 9.8 out of 10. If successfully exploited, unauthenticated attackers can execute arbitrary code with root privileges on affected devices. The vulnerabilities in question are CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189, which stem from improper validation of requests sent to the switches' web interfaces. These vulnerabilities can be exploited through malicious requests sent via the targeted devices' web-based user interfaces in low-complexity attacks that do not require user interaction.

Cisco clarified that these vulnerabilities are not interdependent, stating, "The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability." Furthermore, a software release affected by one vulnerability may not necessarily be impacted by the other vulnerabilities. The list of affected Cisco switches includes the 200, 300, and 500 Series Small Business Switches. However, the firmware for these devices will not receive patches, as they have already entered the end-of-life process.

The Cisco Product Security Incident Response Team (PSIRT) disclosed that proof-of-concept exploit code is available for these security flaws, potentially leading to active exploitation if motivated threat actors create their own. On Wednesday, the company warned that its PSIRT is "aware that proof-of-concept exploit code is available" for these security flaws, which could allow threat actors to target vulnerable devices exposed to remote access. Fortunately, Cisco's PSIRT has not yet discovered any evidence of attempts to exploit the vulnerabilities in attacks.

In addition to these critical vulnerabilities, Cisco is working on patching a cross-site scripting (XSS) vulnerability in its Prime Collaboration Deployment (PCD) server management tool, reported by Pierre Vivegnis of NATO's Cyber Security Centre (NCSC). A joint advisory released by the US, UK, and Cisco recently warned that APT28 Russian military hackers have been deploying custom 'Jaguar Tooth' malware on Cisco IOS routers to gain unauthenticated access to compromised devices.

Latest News

• BianLian Ransomware Group Targets Critical Infrastructure Organizations
• Unpatched Wemo Smart Plug Bug Leaves Numerous Networks Vulnerable to Cyberattacks
• Ransomware Targets VMware ESXi Hypervisor: The Emergence of 'MichaelKors'
• Meme-Themed Cyberattacks Target Hospitality Sector Using Follina Bug
• CISA Issues Warning on Critical Ruckus Bug Exploited by DDoS Botnet