Skip to main content

Business 250 16P 2G Firmware CVE-2023-20162

CRITICAL
Classic Buffer Overflow (CWE-120)
2023-05-18 psirt@cisco.com
RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware Business 250 16T 2G Firmware Business 250 24Fp 4G Firmware Business 250 24Fp 4X Firmware Business 250 24P 4G Firmware Business 250 24P 4X Firmware Business 250 24Pp 4G Firmware Business 250 24T 4G Firmware Business 250 24T 4X Firmware Business 250 48P 4G Firmware Business 250 48P 4X Firmware Business 250 48Pp 4G Firmware Business 250 48T 4G Firmware Business 250 48T 4X Firmware Business 250 8Fp E 2G Firmware Business 250 8P E 2G Firmware Business 250 8Pp D Firmware Business 250 8Pp E 2G Firmware Business 250 8T D Firmware Business 250 8T E 2G Firmware Business 350 12Np 4X Firmware Business 350 12Xs Firmware Business 350 12Xt Firmware Business 350 16Fp 2G Firmware Business 350 16P 2G Firmware Business 350 16P E 2G Firmware Business 350 16T 2G Firmware Business 350 16T E 2G Firmware Business 350 16Xts Firmware Business 350 24Fp 4G Firmware Business 350 24Fp 4X Firmware Business 350 24Mgp 4X Firmware Business 350 24Ngp 4X Firmware Business 350 24P 4G Firmware Business 350 24P 4X Firmware Business 350 24S 4G Firmware Business 350 24T 4G Firmware Business 350 24T 4X Firmware Business 350 24Xs Firmware Business 350 24Xt Firmware Business 350 24Xts Firmware Business 350 48Fp 4G Firmware Business 350 48Fp 4X Firmware Business 350 48Ngp 4X Firmware Business 350 48P 4G Firmware Business 350 48P 4X Firmware Business 350 48T 4G Firmware Business 350 48T 4X Firmware Business 350 48Xt 4X Firmware Business 350 8Fp 2G Firmware Business 350 8Fp E 2G Firmware Business 350 8Mgp 2X Firmware Business 350 8Mp 2X Firmware Business 350 8P 2G Firmware Business 350 8P E 2G Firmware Business 350 8S E 2G Firmware Business 350 8T E 2G Firmware Business 350 8Xt Firmware Sf200 24 Firmware Sf200 24Fp Firmware Sf200 24P Firmware Sf200 48 Firmware Sf200 48P Firmware Sf200E 24 Firmware Sf200E 24P Firmware Sf200E 48 Firmware Sf200E 48P Firmware Sf200E48P Firmware Sf250 08 Firmware Sf250 08Hp Firmware Sf250 10P Firmware Sf250 18 Firmware Sf250 24 Firmware Sf250 24P Firmware Sf250 26 Firmware Sf250 26Hp Firmware Sf250 26P Firmware Sf250 48 Firmware Sf250 48Hp Firmware Sf250 50 Firmware Sf250 50Hp Firmware Sf250 50P Firmware Sf250X 24 Firmware Sf250X 24P Firmware Sf250X 48 Firmware Sf250X 48P Firmware Sf300 08 Firmware Sf300 24 Firmware Sf300 24Mp Firmware Sf300 24P Firmware Sf300 24Pp Firmware Sf300 48 Firmware Sf300 48P Firmware Sf300 48Pp Firmware Sf302 08 Firmware Sf302 08Mpp Firmware Sf302 08Pp Firmware Sf350 08 Firmware Sf350 10 Firmware Sf350 10Mp Firmware Sf350 10P Firmware Sf350 10Sfp Firmware Sf350 20 Firmware Sf350 24 Firmware Sf350 24Mp Firmware Sf350 24P Firmware Sf350 28 Firmware Sf350 28Mp Firmware Sf350 28P Firmware Sf350 28Sfp Firmware Sf350 48 Firmware Sf350 48Mp Firmware Sf350 48P Firmware Sf350 52 Firmware Sf350 52Mp Firmware Sf350 52P Firmware Sf350 8Mp Firmware Sf350 8Pd Firmware Sf352 08 Firmware Sf352 08Mp Firmware Sf352 08P Firmware Sf355 10P Firmware Sf500 18P Firmware Sf500 24 Firmware Sf500 24Mp Firmware Sf500 24P Firmware Sf500 48 Firmware Sf500 48Mp Firmware Sf500 48P Firmware Sf550X 24 Firmware Sf550X 24Mp Firmware Sf550X 24P Firmware Sf550X 48 Firmware Sf550X 48Mp Firmware Sf550X 48P Firmware Sg200 08 Firmware Sg200 08P Firmware Sg200 10Fp Firmware Sg200 18 Firmware Sg200 26 Firmware Sg200 26Fp Firmware Sg200 26P Firmware Sg200 50 Firmware Sg200 50Fp Firmware Sg200 50P Firmware Sg250 08 Firmware Sg250 08Hp Firmware Sg250 10P Firmware Sg250 18 Firmware Sg250 24 Firmware Sg250 24P Firmware Sg250 26 Firmware Sg250 26Hp Firmware Sg250 26P Firmware Sg250 48 Firmware Sg250 48Hp Firmware Sg250 50 Firmware Sg250 50Hp Firmware Sg250 50P Firmware Sg250X 24 Firmware Sg250X 24P Firmware Sg250X 48 Firmware Sg250X 48P Firmware Sg300 10 Firmware Sg300 10Mp Firmware Sg300 10Mpp Firmware Sg300 10P Firmware Sg300 10Pp Firmware Sg300 10Sfp Firmware Sg300 20 Firmware Sg300 28 Firmware Sg300 28Mp Firmware Sg300 28P Firmware Sg300 28Pp Firmware Sg300 28Sfp Firmware Sg300 52 Firmware Sg300 52Mp Firmware Sg300 52P Firmware Sg350 10 Firmware Sg350 10Mp Firmware Sg350 10P Firmware Sg350 28 Firmware Sg350 28Mp Firmware Sg350 28P Firmware Sg350X 12Pmv Firmware Sg350X 24 Firmware Sg350X 24Mp Firmware Sg350X 24P Firmware Sg350X 24Pd Firmware Sg350X 24Pv Firmware Sg350X 48 Firmware Sg350X 48Mp Firmware Sg350X 48P Firmware Sg350X 48Pv Firmware Sg350X 8Pmd Firmware Sg350Xg 24F Firmware Sg350Xg 24T Firmware Sg350Xg 2F10 Firmware Sg350Xg 48T Firmware Sg355 10Mp Firmware Sg355 10P Firmware Sg500 28 Firmware Sg500 28Mpp Firmware Sg500 28P Firmware Sg500 28Pp Firmware Sg500 52P Firmware Sg500 52Pp Firmware Sg500X 24 Firmware Sg500X 24Mpp Firmware Sg500X 24P Firmware Sg500X 48 Firmware Sg500X 48Mp Firmware Sg500X 48Mpp Firmware Sg500X 48P Firmware Sg500X24Mpp Firmware Sg500Xg 8F8T Firmware Sg500Xg8F8T Firmware Sg550X 24 Firmware Sg550X 24Mp Firmware Sg550X 24Mpp Firmware Sg550X 24P Firmware Sg550X 48 Firmware Sg550X 48Mp Firmware Sg550X 48P Firmware Sg550X 48T Firmware Sg550Xg 24F Firmware Sg550Xg 24T Firmware Sg550Xg 48T Firmware Sg550Xg 8F8T Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 18, 2023 - 03:15 nvd
CRITICAL 9.8

DescriptionNVD

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

AnalysisAI

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. Affected products include: Cisco Business 250-16P-2G Firmware, Cisco Business 250-16T-2G Firmware, Cisco Business 250-24Fp-4G Firmware, Cisco Business 250-24Fp-4X Firmware, Cisco Business 250-24P-4G Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

Share

CVE-2023-20162 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy