Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0401
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans plusieurs gammes de commutateurs Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Microgiciel de la gamme de commutateurs 250 Series Smart Switches versions antérieures à 2.5.9.16
- Microgiciel de la gamme de commutateurs 350 Series Managed Smart Switches versions antérieures à 2.5.9.16
- Microgiciel de la gamme de commutateurs 350X Series Stackable Managed Smart Switches versions antérieures à 2.5.9.16
- Microgiciel de la gamme de commutateurs 550X Series Stackable Managed Smart Switches versions antérieures à 2.5.9.16
- Microgiciel de la gamme de commutateurs Business 250 Series Smart Switches versions antérieures à 3.3.0.16
- Microgiciel de la gamme de commutateurs Business 350 Series Smart Switches versions antérieures à 3.3.0.16
- Microgiciel de la gamme de commutateurs Small Business 200 Series Smart Switches
- Microgiciel de la gamme de commutateurs Small Business 300 Series Managed Switches
- Microgiciel de la gamme de commutateurs Small Business 500 Series Stackable Managed Switches
Les produits suivants ne sont plus maintenus par l'éditeur et ne disposeront pas de correctifs de sécurité : Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs 250 Series Smart Switches versions ant\u00e9rieures \u00e0 2.5.9.16\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs 350 Series Managed Smart Switches versions ant\u00e9rieures \u00e0 2.5.9.16\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs 350X Series Stackable Managed Smart Switches versions ant\u00e9rieures \u00e0 2.5.9.16\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs 550X Series Stackable Managed Smart Switches versions ant\u00e9rieures \u00e0 2.5.9.16\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs Business 250 Series Smart Switches versions ant\u00e9rieures \u00e0 3.3.0.16\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs Business 350 Series Smart Switches versions ant\u00e9rieures \u00e0 3.3.0.16\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs Small Business 200 Series Smart Switches\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs Small Business 300 Series Managed Switches\u003c/li\u003e \u003cli\u003eMicrogiciel de la gamme de commutateurs Small Business 500 Series Stackable Managed Switches\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne sont plus maintenus par l\u0027\u00e9diteur et ne disposeront pas de correctifs de s\u00e9curit\u00e9 : Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20160"
},
{
"name": "CVE-2023-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20162"
},
{
"name": "CVE-2023-20159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20159"
},
{
"name": "CVE-2023-20024",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20024"
},
{
"name": "CVE-2023-20158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20158"
},
{
"name": "CVE-2023-20189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20189"
},
{
"name": "CVE-2023-20161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20161"
},
{
"name": "CVE-2023-20156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20156"
},
{
"name": "CVE-2023-20157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20157"
}
],
"initial_release_date": "2023-05-19T00:00:00",
"last_revision_date": "2023-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0401",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs gammes de\ncommutateurs \u003cspan class=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sg-web-multi-S9g4Nkgv du 17 mai 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
]
}
CVE-2023-20189 (GCVE-0-2023-20189)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 15:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:19:03.241300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T15:58:02.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20189",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T15:58:02.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20156 (GCVE-0-2023-20156)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:23.369847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:07:52.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20156",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:07:52.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20157 (GCVE-0-2023-20157)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:05.756115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:07:38.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20157",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:07:38.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20162 (GCVE-0-2023-20162)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T15:59:57.866850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:01:26.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20162",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:01:26.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20159 (GCVE-0-2023-20159)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:04:33.941738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:04:57.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20159",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:04:57.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20161 (GCVE-0-2023-20161)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:02:09.721806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:02:35.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20161",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:02:35.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20024 (GCVE-0-2023-20024)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:06:32.323027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:08:03.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20024",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:08:03.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20160 (GCVE-0-2023-20160)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:03:27.598112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:03:50.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20160",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:03:50.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20158 (GCVE-0-2023-20158)
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-10-28 16:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:34.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:350x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "350x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:550x_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "550x_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.5.9.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_250_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_250_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:business_350_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_350_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.3.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_200_series_smart_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_200_series_smart_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_300_series_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_300_series_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_500_series_stackable_managed_switches_firmware",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:05:30.404077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:05:48.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business Smart and Managed Switches ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"
}
],
"source": {
"advisory": "cisco-sa-sg-web-multi-S9g4Nkgv",
"defect": [
[
"CSCwe27386",
"CSCwe27393",
"CSCwe27394",
"CSCwe27403",
"CSCwe27424",
"CSCwe27425",
"CSCwe27441",
"CSCwe27444",
"CSCwe27445",
"CSCwe32312",
"CSCwe32313",
"CSCwe32315",
"CSCwe32318",
"CSCwe32321",
"CSCwe32323",
"CSCwe32326",
"CSCwe32334",
"CSCwe32338"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Series Switches Buffer Overflow Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20158",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:05:48.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…