CVE-2023-20189

CWE-120 — Classic Buffer Overflow CWE-121 — Stack-based Buffer Overflow CWE-122 — Heap-based Buffer Overflow CWE-200 — Information Exposure CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

9.8CRITICAL

EPSS

4.3%

top 11.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Small Business Smart AND Managed Switches

Timeline

PublishedMay 18

Description

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5cisco/cisco_small_business_smart_and_managed_switchesn/a

🔴Vulnerability Details

GHSA

GHSA-59fm-3j8w-jm49: Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attack↗2023-05-18

▶

CVEList

Cisco Small Business Series Switches Buffer Overflow Vulnerabilities↗2023-05-18

▶

📋Vendor Advisories

Cisco

Cisco Small Business Series Switches Buffer Overflow Vulnerabilities↗2023-05-17

▶