This page can also display customer device support coverage for customers who use the My Devices tool. The Cisco Support and Downloads page on provides information about licensing and downloads. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. In most cases this will be a maintenance upgrade to software that was previously purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:

Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.

Customers may only install and expect support for software versions and feature sets for which they have purchased a license. A successful exploit could allow the attacker to read unauthorized information on an affected device.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Cisco has released free software updates that address the vulnerabilities described in this advisory. An attacker could exploit this vulnerability by sending a crafted request through the web-based interface. This vulnerability is due to improper validation of requests that are sent to the web interface.
A successful exploit could allow the attacker to cause a DoS condition on an affected device.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2023-20156: Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability

CVE-2023-20157: Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability

CVE-2023-20158: Cisco Small Business Series Switches Unauthenticated Denial-of-Service Vulnerability

CVE-2023-20162: Cisco Small Business Series Switches Unauthenticated Configuration Reading Vulnerability

A vulnerability in the web-based user interface of Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to read unauthorized information on an affected device. An attacker could exploit this vulnerability by sending a crafted request through the web-based user interface. There are no workarounds that address this vulnerability.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2023-20160: Cisco Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability

CVE-2023-20161: Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability

CVE-2023-20189: Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability

CVE-2023-20024: Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability

A vulnerability in the web-based user interface of Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device.

Cisco has released software updates that address this vulnerability.
In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.

Details about the vulnerabilities are as follows:

CVE-2023-20159: Cisco Small Business Series Switches Stack Buffer Overflow Vulnerability

A vulnerability in the web-based user interface of Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. The vulnerabilities are not dependent on one another.