Home » » Cisco is patching some small business router bugs, so patch now

Cisco is patching some small business router bugs, so patch now

No comments

Cisco says it has fixed four high-severity vulnerabilities which could have allowed threat actors to remotely hijack network switches for small businesses. 

In a security advisory published by the company’s Product Security Incident Response Team (PSIRT), hackers could abuse flaws in the web user interface to run arbitrary code with root privileges. The flaws in question are tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189, all with a 9.8 severity rating. 

"An attacker could exploit this vulnerability by sending a crafted request through the web-based user interface," Cisco stated. "A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device."

Multiple devices affected

The list of vulnerable devices includes the 250 Series smart switches, 350 Series managed switches, and 350X Series and 550X stackable managed switches. To fix the flaws, IT teams are advised to bring their firmware up to version 2.5.9.16. There is no workaround for the flaws, Cisco said, so the only way to truly stay safe is to apply the patch.

Small Business 200 Series smart switches, Small Business 300 Series managed switches, and Small Business 500 Series stackable managed switches are also said to be affected by the flaws, but as these are reaching end-of-life, Cisco won’t be releasing a patch. Businesses using these endpoints are advised to migrate to a newer model.

Read more

> How cross-site scripting attacks work

 > Cisco says its server management tool has a serious security flaw

 > Here are the best malware removal tools

Businesses with service contracts that include software updates will receive the fixes through the usual update channels, Cisco said. Businesses with valid Cisco or third-party licenses will have their gear patched through maintenance upgrades, it was added.

While the company claims there’s no evidence of these flaws being used in the wild, it did say that a proof-of-concept exists. As such, it’s just a matter of time before hackers start exploiting the vulnerabilities. 

The flaws were discovered by an “external researcher”, Cisco concluded.

Via: The Register



from TechRadar - All the latest technology news https://ift.tt/SGNjLyu
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us