Business 250 16P 2G Firmware
CVE-2023-20189
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
AnalysisAI
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. Affected products include: Cisco Business 250-16P-2G Firmware, Cisco Business 250-16T-2G Firmware, Cisco Business 250-24Fp-4G Firmware, Cisco Business 250-24Fp-4X Firmware, Cisco Business 250-24P-4G Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
More in Business 250 16P 2G Firmware
View allMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Same weakness CWE-120 – Classic Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today