Four Critical RCE Vulnerabilities in Cisco Small Business Series Switches


On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches.  

Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities; however, they have not identified a publicly available PoC exploit. It is plausible that the security researcher who identified these vulnerabilities could publish a PoC exploit in the future if they choose to publish their research.

Exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on compromised devices through an exposed web interface.

CVEs: CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189

| Product | Vulnerable Firmware | Fixed Firmware |
|---|---|---|
| 250 Series Smart Switches; 350 Series Managed Switches; 350X Series Stackable Managed Switches; 550X Series Stackable Managed Switches | 2.5.9.15 and earlier | 2.5.9.16 |
| Business 250 Series Smart Switches; Business 350 Series Managed Switches | 3.3.0.15 | 3.3.0.16 |
| Small Business 200 Series Smart Switches; Small Business 300 Series Managed Switches; Small Business 500 Series Stackable Managed Switches | | EOL – No patch available |

 

In addition to the four critical vulnerabilities, Cisco has also patched five high severity vulnerabilities that could lead to Denial of Service (DoS) and/or Unauthorized Read. 

Recommendation 

Recommendation #1: Apply Vendor Supplied Updates to Affected Products 

We strongly recommend applying the latest relevant security updates to the impacted products as no workarounds are available. Security updates can be found via Cisco’s Support and Downloads page here: https://www.cisco.com/c/en/us/support/index.html  

Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production, to avoid operational impact.
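To find which devices need the update, an inventory can be checked against the fixed firmware versions in the table above. The following is an added example, not code from Cisco or Arctic Wolf: the hostnames and inventory rows are constructed, and treating any release below the fixed version as needing the update is an assumption. Versions are compared field by field as integers, because a plain string comparison would rank 2.5.9.9 above 2.5.9.16.

```python
# Series names and fixed versions are from the table above (None = EOL, no patch).
FIXED = {
    "250 Series Smart Switches": "2.5.9.16",
    "350 Series Managed Switches": "2.5.9.16",
    "350X Series Stackable Managed Switches": "2.5.9.16",
    "550X Series Stackable Managed Switches": "2.5.9.16",
    "Business 250 Series Smart Switches": "3.3.0.16",
    "Business 350 Series Managed Switches": "3.3.0.16",
    "Small Business 200 Series Smart Switches": None,
    "Small Business 300 Series Managed Switches": None,
    "Small Business 500 Series Stackable Managed Switches": None,
}


def parse_version(text):
    """Turn '2.5.9.15' into (2, 5, 9, 15) so fields compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def triage(series, firmware):
    """Return 'eol', 'update', 'fixed' or 'unknown' for one device."""
    if series not in FIXED:
        return "unknown"          # series is not listed in the advisory table
    fixed = FIXED[series]
    if fixed is None:
        return "eol"              # end of life: no patch available
    try:
        running = parse_version(firmware)
    except ValueError:
        return "unknown"          # unparseable version string, check by hand
    return "update" if running < parse_version(fixed) else "fixed"


# Constructed inventory rows: (hostname, series, running firmware)
INVENTORY = [
    ("sw-01", "350 Series Managed Switches", "2.5.9.15"),
    ("sw-02", "350X Series Stackable Managed Switches", "2.5.9.9"),
    ("sw-03", "550X Series Stackable Managed Switches", "2.5.9.16"),
    ("sw-04", "Business 250 Series Smart Switches", "3.3.0.15"),
    ("sw-05", "Small Business 300 Series Managed Switches", "1.4.11.5"),
]


def report(inventory):
    return {host: triage(series, fw) for host, series, fw in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```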


James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.