Search criteria
20 vulnerabilities found for sg550x-48t_firmware by cisco
CVE-2024-20263 (GCVE-0-2024-20263)
Vulnerability from nvd – Published: 2024-01-26 17:27 – Updated: 2024-11-13 14:55
VLAI?
Summary
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices.
Severity ?
5.8 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
2.0.0.73
Affected: 2.1.0.63 Affected: 2.2.0.63 Affected: 2.2.0.66 Affected: 2.2.5.68 Affected: 2.2.7.07 Affected: 2.2.8.04 Affected: 2.3.0.130 Affected: 2.3.5.63 Affected: 2.4.0.91 Affected: 2.4.0.94 Affected: 2.4.5.71 Affected: 2.5.0.78 Affected: 2.5.0.79 Affected: 2.5.0.82 Affected: 2.5.0.83 Affected: 2.5.0.89 Affected: 2.5.0.90 Affected: 2.5.0.92 Affected: 2.5.5.47 Affected: 2.5.7.85 Affected: 2.5.8.12 Affected: 2.5.8.15 Affected: 2.5.9.13 Affected: 2.5.9.15 Affected: 2.5.9.16 Affected: 3.0.0.61 Affected: 3.0.0.69 Affected: 3.1.0.57 Affected: 3.1.1.7 Affected: 3.2.0.84 Affected: 3.2.0.89 Affected: 3.2.1.1 Affected: 3.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-bus-acl-bypass-5zn9hNJk",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T16:31:15.728944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:55:13.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0.0.73"
},
{
"status": "affected",
"version": "2.1.0.63"
},
{
"status": "affected",
"version": "2.2.0.63"
},
{
"status": "affected",
"version": "2.2.0.66"
},
{
"status": "affected",
"version": "2.2.5.68"
},
{
"status": "affected",
"version": "2.2.7.07"
},
{
"status": "affected",
"version": "2.2.8.04"
},
{
"status": "affected",
"version": "2.3.0.130"
},
{
"status": "affected",
"version": "2.3.5.63"
},
{
"status": "affected",
"version": "2.4.0.91"
},
{
"status": "affected",
"version": "2.4.0.94"
},
{
"status": "affected",
"version": "2.4.5.71"
},
{
"status": "affected",
"version": "2.5.0.78"
},
{
"status": "affected",
"version": "2.5.0.79"
},
{
"status": "affected",
"version": "2.5.0.82"
},
{
"status": "affected",
"version": "2.5.0.83"
},
{
"status": "affected",
"version": "2.5.0.89"
},
{
"status": "affected",
"version": "2.5.0.90"
},
{
"status": "affected",
"version": "2.5.0.92"
},
{
"status": "affected",
"version": "2.5.5.47"
},
{
"status": "affected",
"version": "2.5.7.85"
},
{
"status": "affected",
"version": "2.5.8.12"
},
{
"status": "affected",
"version": "2.5.8.15"
},
{
"status": "affected",
"version": "2.5.9.13"
},
{
"status": "affected",
"version": "2.5.9.15"
},
{
"status": "affected",
"version": "2.5.9.16"
},
{
"status": "affected",
"version": "3.0.0.61"
},
{
"status": "affected",
"version": "3.0.0.69"
},
{
"status": "affected",
"version": "3.1.0.57"
},
{
"status": "affected",
"version": "3.1.1.7"
},
{
"status": "affected",
"version": "3.2.0.84"
},
{
"status": "affected",
"version": "3.2.0.89"
},
{
"status": "affected",
"version": "3.2.1.1"
},
{
"status": "affected",
"version": "3.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:34.210Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-bus-acl-bypass-5zn9hNJk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk"
}
],
"source": {
"advisory": "cisco-sa-sb-bus-acl-bypass-5zn9hNJk",
"defects": [
"CSCwf48882",
"CSCwh68993"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20263",
"datePublished": "2024-01-26T17:27:08.928Z",
"dateReserved": "2023-11-08T15:08:07.623Z",
"dateUpdated": "2024-11-13T14:55:13.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20189 (GCVE-0-2023-20189)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 15:58
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:19:03.241300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:58:02.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20189",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T15:58:02.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20162 (GCVE-0-2023-20162)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:01
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:59:57.866850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:01:26.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20162",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:01:26.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20161 (GCVE-0-2023-20161)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:02
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:02:09.721806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:02:35.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20161",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:02:35.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20160 (GCVE-0-2023-20160)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:03
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:03:27.598112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:03:50.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20160",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:03:50.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20159 (GCVE-0-2023-20159)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:04
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:04:33.941738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:04:57.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20159",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:04:57.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20158 (GCVE-0-2023-20158)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:05
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:05:30.404077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:05:48.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20158",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:05:48.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20157 (GCVE-0-2023-20157)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:05.756115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:07:38.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20157",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:07:38.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20156 (GCVE-0-2023-20156)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:23.369847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:07:52.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20156",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:07:52.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20024 (GCVE-0-2023-20024)
Vulnerability from nvd – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:08
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:32.323027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:08:03.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20024",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:08:03.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20263 (GCVE-0-2024-20263)
Vulnerability from cvelistv5 – Published: 2024-01-26 17:27 – Updated: 2024-11-13 14:55
VLAI?
Summary
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices.
Severity ?
5.8 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
2.0.0.73
Affected: 2.1.0.63 Affected: 2.2.0.63 Affected: 2.2.0.66 Affected: 2.2.5.68 Affected: 2.2.7.07 Affected: 2.2.8.04 Affected: 2.3.0.130 Affected: 2.3.5.63 Affected: 2.4.0.91 Affected: 2.4.0.94 Affected: 2.4.5.71 Affected: 2.5.0.78 Affected: 2.5.0.79 Affected: 2.5.0.82 Affected: 2.5.0.83 Affected: 2.5.0.89 Affected: 2.5.0.90 Affected: 2.5.0.92 Affected: 2.5.5.47 Affected: 2.5.7.85 Affected: 2.5.8.12 Affected: 2.5.8.15 Affected: 2.5.9.13 Affected: 2.5.9.15 Affected: 2.5.9.16 Affected: 3.0.0.61 Affected: 3.0.0.69 Affected: 3.1.0.57 Affected: 3.1.1.7 Affected: 3.2.0.84 Affected: 3.2.0.89 Affected: 3.2.1.1 Affected: 3.3.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-bus-acl-bypass-5zn9hNJk",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T16:31:15.728944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:55:13.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0.0.73"
},
{
"status": "affected",
"version": "2.1.0.63"
},
{
"status": "affected",
"version": "2.2.0.63"
},
{
"status": "affected",
"version": "2.2.0.66"
},
{
"status": "affected",
"version": "2.2.5.68"
},
{
"status": "affected",
"version": "2.2.7.07"
},
{
"status": "affected",
"version": "2.2.8.04"
},
{
"status": "affected",
"version": "2.3.0.130"
},
{
"status": "affected",
"version": "2.3.5.63"
},
{
"status": "affected",
"version": "2.4.0.91"
},
{
"status": "affected",
"version": "2.4.0.94"
},
{
"status": "affected",
"version": "2.4.5.71"
},
{
"status": "affected",
"version": "2.5.0.78"
},
{
"status": "affected",
"version": "2.5.0.79"
},
{
"status": "affected",
"version": "2.5.0.82"
},
{
"status": "affected",
"version": "2.5.0.83"
},
{
"status": "affected",
"version": "2.5.0.89"
},
{
"status": "affected",
"version": "2.5.0.90"
},
{
"status": "affected",
"version": "2.5.0.92"
},
{
"status": "affected",
"version": "2.5.5.47"
},
{
"status": "affected",
"version": "2.5.7.85"
},
{
"status": "affected",
"version": "2.5.8.12"
},
{
"status": "affected",
"version": "2.5.8.15"
},
{
"status": "affected",
"version": "2.5.9.13"
},
{
"status": "affected",
"version": "2.5.9.15"
},
{
"status": "affected",
"version": "2.5.9.16"
},
{
"status": "affected",
"version": "3.0.0.61"
},
{
"status": "affected",
"version": "3.0.0.69"
},
{
"status": "affected",
"version": "3.1.0.57"
},
{
"status": "affected",
"version": "3.1.1.7"
},
{
"status": "affected",
"version": "3.2.0.84"
},
{
"status": "affected",
"version": "3.2.0.89"
},
{
"status": "affected",
"version": "3.2.1.1"
},
{
"status": "affected",
"version": "3.3.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:34.210Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-bus-acl-bypass-5zn9hNJk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk"
}
],
"source": {
"advisory": "cisco-sa-sb-bus-acl-bypass-5zn9hNJk",
"defects": [
"CSCwf48882",
"CSCwh68993"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20263",
"datePublished": "2024-01-26T17:27:08.928Z",
"dateReserved": "2023-11-08T15:08:07.623Z",
"dateUpdated": "2024-11-13T14:55:13.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20160 (GCVE-0-2023-20160)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:03
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:03:27.598112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:03:50.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20160",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:03:50.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20024 (GCVE-0-2023-20024)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:08
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:32.323027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:08:03.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20024",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:08:03.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20159 (GCVE-0-2023-20159)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:04
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:04:33.941738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:04:57.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20159",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:04:57.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20161 (GCVE-0-2023-20161)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:02
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:02:09.721806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:02:35.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20161",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:02:35.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20158 (GCVE-0-2023-20158)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:05
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:05:30.404077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:05:48.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20158",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:05:48.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20189 (GCVE-0-2023-20189)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 15:58
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:19:03.241300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:58:02.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20189",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T15:58:02.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20156 (GCVE-0-2023-20156)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:23.369847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:07:52.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20156",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:07:52.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20162 (GCVE-0-2023-20162)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:01
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:59:57.866850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:01:26.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20162",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:01:26.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20157 (GCVE-0-2023-20157)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:07
VLAI?
Title
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:05.756115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:07:38.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20157",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:07:38.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}