Sf200 24 Firmware
CVE-2023-20188
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability.
AnalysisAI
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-87. A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability. Affected products include: Cisco Sf200-24 Firmware, Cisco Sf200-24Fp Firmware, Cisco Sf200-24P Firmware, Cisco Sf200-48 Firmware, Cisco Sf200-48P Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sf200 24 Firmware
View allA vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an u
A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches cou
Share
External POC / Exploit Code
Leaving vuln.today