Search

Find a vulnerability

Search criteria

    24 vulnerabilities found for sf250-26p_firmware by cisco

    CVE-2023-20189 (GCVE-0-2023-20189)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 15:58
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T15:19:03.241300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T15:58:02.150Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20189",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T15:58:02.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20162 (GCVE-0-2023-20162)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:01
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T15:59:57.866850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:01:26.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20162",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:01:26.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20161 (GCVE-0-2023-20161)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:02
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20161",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:02:09.721806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:02:35.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20161",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:02:35.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20160 (GCVE-0-2023-20160)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:03
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:03:27.598112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:03:50.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20160",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:03:50.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20159 (GCVE-0-2023-20159)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:04
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.978Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:04:33.941738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:04:57.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20159",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:04:57.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20158 (GCVE-0-2023-20158)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:05
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:05:30.404077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:05:48.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20158",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:05:48.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20157 (GCVE-0-2023-20157)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:06:05.756115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:07:38.303Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20157",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:07:38.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20156 (GCVE-0-2023-20156)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:06:23.369847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:07:52.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20156",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:07:52.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20024 (GCVE-0-2023-20024)

    Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:08
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:06:32.323027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:08:03.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20024",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:08:03.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34739 (GCVE-0-2021-34739)

    Vulnerability from nvd – Published: 2021-11-04 15:40 – Updated: 2024-11-07 21:43
    VLAI
    Title
    Cisco Small Business Series Switches Session Credentials Replay Vulnerability
    Summary
    A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211103 Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:42:41.130667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:43:18.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-04T15:40:23.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211103 Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-smb-switches-tokens-UzwpR4e5",
            "defect": [
              [
                "CSCvx48953",
                "CSCvx48962",
                "CSCvx52310"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-11-03T16:00:00",
              "ID": "CVE-2021-34739",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business Series Switches Session Credentials Replay Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business Smart and Managed Switches",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.1",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-613"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211103 Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-smb-switches-tokens-UzwpR4e5",
              "defect": [
                [
                  "CSCvx48953",
                  "CSCvx48962",
                  "CSCvx52310"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34739",
        "datePublished": "2021-11-04T15:40:23.357Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:43:18.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12718 (GCVE-0-2019-12718)

    Vulnerability from nvd – Published: 2019-10-16 18:36 – Updated: 2024-11-21 19:08
    VLAI
    Title
    Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business 200 Series Smart Switches Affected: unspecified , < n/a (custom)
    Create a notification for this product.
    Date Public
    2019-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12718",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:56:14.761626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:08:32.647Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business 200 Series Smart Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "n/a",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-16T18:36:30.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20191016-sbss-xss",
            "defect": [
              [
                "CSCvo28159",
                "CSCvp35688"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-10-16T16:00:00-0700",
              "ID": "CVE-2019-12718",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business 200 Series Smart Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20191016-sbss-xss",
              "defect": [
                [
                  "CSCvo28159",
                  "CSCvp35688"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-12718",
        "datePublished": "2019-10-16T18:36:30.481Z",
        "dateReserved": "2019-06-04T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:08:32.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12636 (GCVE-0-2019-12636)

    Vulnerability from nvd – Published: 2019-10-16 18:36 – Updated: 2024-11-21 19:09
    VLAI
    Title
    Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2019-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:24:39.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:56:25.832896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:09:59.032Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business 250 Series Smart Switches Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "n/a",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-16T18:36:26.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20191016-sbss-csrf",
            "defect": [
              [
                "CSCvo26471"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-10-16T16:00:00-0700",
              "ID": "CVE-2019-12636",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business 250 Series Smart Switches Software",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20191016-sbss-csrf",
              "defect": [
                [
                  "CSCvo26471"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-12636",
        "datePublished": "2019-10-16T18:36:26.757Z",
        "dateReserved": "2019-06-04T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:09:59.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20162 (GCVE-0-2023-20162)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:01
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T15:59:57.866850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:01:26.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20162",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:01:26.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20160 (GCVE-0-2023-20160)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:03
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:03:27.598112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:03:50.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20160",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:03:50.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20159 (GCVE-0-2023-20159)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:04
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.978Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:04:33.941738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:04:57.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20159",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:04:57.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20024 (GCVE-0-2023-20024)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:08
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:06:32.323027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:08:03.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20024",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:08:03.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20156 (GCVE-0-2023-20156)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:06:23.369847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:07:52.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20156",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:07:52.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20189 (GCVE-0-2023-20189)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 15:58
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T15:19:03.241300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T15:58:02.150Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20189",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T15:58:02.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20157 (GCVE-0-2023-20157)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:06:05.756115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:07:38.303Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20157",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:07:38.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20161 (GCVE-0-2023-20161)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:02
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20161",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:02:09.721806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:02:35.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20161",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:02:35.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20158 (GCVE-0-2023-20158)

    Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:05
    VLAI
    Title
    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business Smart and Managed Switches Affected: n/a
    Create a notification for this product.
    cisco 250_series_smart_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350_series_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 350x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco 550x_series_stackable_managed_switches_firmware Affected: 0 , < 2.5.9.16 (custom)
        cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_250_series_smart_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco business_350_series_managed_switches_firmware Affected: 0 , < 3.3.0.16 (custom)
        cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_200_series_smart_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_300_series_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco small_business_500_series_stackable_managed_switches_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-05-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "350x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "550x_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "2.5.9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_250_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "business_350_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "3.3.0.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_200_series_smart_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_300_series_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_500_series_stackable_managed_switches_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:05:30.404077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:05:48.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-18T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
            "defect": [
              [
                "CSCwe27386",
                "CSCwe27393",
                "CSCwe27394",
                "CSCwe27403",
                "CSCwe27424",
                "CSCwe27425",
                "CSCwe27441",
                "CSCwe27444",
                "CSCwe27445",
                "CSCwe32312",
                "CSCwe32313",
                "CSCwe32315",
                "CSCwe32318",
                "CSCwe32321",
                "CSCwe32323",
                "CSCwe32326",
                "CSCwe32334",
                "CSCwe32338"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20158",
        "datePublished": "2023-05-18T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:05:48.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34739 (GCVE-0-2021-34739)

    Vulnerability from cvelistv5 – Published: 2021-11-04 15:40 – Updated: 2024-11-07 21:43
    VLAI
    Title
    Cisco Small Business Series Switches Session Credentials Replay Vulnerability
    Summary
    A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211103 Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:42:41.130667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:43:18.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business Smart and Managed Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-04T15:40:23.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211103 Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-smb-switches-tokens-UzwpR4e5",
            "defect": [
              [
                "CSCvx48953",
                "CSCvx48962",
                "CSCvx52310"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-11-03T16:00:00",
              "ID": "CVE-2021-34739",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business Series Switches Session Credentials Replay Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business Smart and Managed Switches",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.1",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-613"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211103 Cisco Small Business Series Switches Session Credentials Replay Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-smb-switches-tokens-UzwpR4e5",
              "defect": [
                [
                  "CSCvx48953",
                  "CSCvx48962",
                  "CSCvx52310"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34739",
        "datePublished": "2021-11-04T15:40:23.357Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:43:18.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12718 (GCVE-0-2019-12718)

    Vulnerability from cvelistv5 – Published: 2019-10-16 18:36 – Updated: 2024-11-21 19:08
    VLAI
    Title
    Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business 200 Series Smart Switches Affected: unspecified , < n/a (custom)
    Create a notification for this product.
    Date Public
    2019-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12718",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:56:14.761626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:08:32.647Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business 200 Series Smart Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "n/a",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-16T18:36:30.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20191016-sbss-xss",
            "defect": [
              [
                "CSCvo28159",
                "CSCvp35688"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-10-16T16:00:00-0700",
              "ID": "CVE-2019-12718",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business 200 Series Smart Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20191016-sbss-xss",
              "defect": [
                [
                  "CSCvo28159",
                  "CSCvp35688"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-12718",
        "datePublished": "2019-10-16T18:36:30.481Z",
        "dateReserved": "2019-06-04T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:08:32.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12636 (GCVE-0-2019-12636)

    Vulnerability from cvelistv5 – Published: 2019-10-16 18:36 – Updated: 2024-11-21 19:09
    VLAI
    Title
    Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2019-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:24:39.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:56:25.832896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:09:59.032Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business 250 Series Smart Switches Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "n/a",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-16T18:36:26.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20191016-sbss-csrf",
            "defect": [
              [
                "CSCvo26471"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-10-16T16:00:00-0700",
              "ID": "CVE-2019-12636",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business 250 Series Smart Switches Software",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20191016 Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20191016-sbss-csrf",
              "defect": [
                [
                  "CSCvo26471"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-12636",
        "datePublished": "2019-10-16T18:36:26.757Z",
        "dateReserved": "2019-06-04T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:09:59.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }