On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches.
Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities; however, they have not identified a publicly available PoC exploit. It is plausible that the security researcher who identified these vulnerabilities could publish a PoC exploit in the future if they choose to publish their research.
Exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on compromised devices through an exposed web interface.
| CVEs | Product | Vulnerable Firmware | Fixed Firmware |
| --- | --- | --- | --- |
| | | 2.5.9.15 and earlier | 2.5.9.16 |
| | | 3.3.0.15 | 3.3.0.16 |
| | | | EOL – No patch available |
In addition to the four critical vulnerabilities, Cisco has also patched five high severity vulnerabilities that could lead to Denial of Service (DoS) and/or Unauthorized Read.
Recommendation
Recommendation #1: Apply Vendor Supplied Updates to Affected Products
We strongly recommend applying the latest relevant security updates to the impacted products as no workarounds are available. Security updates can be found via Cisco’s Support and Downloads page here: https://www.cisco.com/c/en/us/support/index.html
Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.
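The firmware table above and Recommendation #1 both come down to one check: is each switch running a release older than the fixed one for its train? The following script is an added example (not part of this bulletin, and not Cisco or Arctic Wolf tooling) that performs that check over a constructed inventory. It takes the two fixed releases from the table; the assumption that the first two version fields (2.5 and 3.3) identify the train, the inventory format and the hostnames are all constructed for illustration.

```python
"""Constructed example: flag inventory entries whose firmware is older than
the fixed release for their train, using numeric (not string) comparison."""

# Fixed firmware releases taken from the bulletin's table. The mapping of
# version train -> fixed release is an assumption made for this example.
FIXED_BY_TRAIN = {
    (2, 5): (2, 5, 9, 16),
    (3, 3): (3, 3, 0, 16),
}


def parse_version(text: str) -> tuple:
    """Turn '2.5.9.15' into (2, 5, 9, 15) so each field compares numerically.
    Plain string comparison would wrongly rank '2.5.9.9' above '2.5.9.15'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown-train' for one firmware string."""
    version = parse_version(version_text)
    fixed = FIXED_BY_TRAIN.get(version[:2])
    if fixed is None:
        # Not a train with a listed fix. The bulletin's EOL row has no patch,
        # so such devices need manual review rather than a version comparison.
        return "unknown-train"
    # Tuple comparison is field-by-field numeric, which is what we want here.
    return "fixed" if version >= fixed else "vulnerable"


def triage_inventory(lines: list) -> dict:
    """Group hostnames by assessment from 'hostname,firmware' CSV-style lines."""
    result = {"vulnerable": [], "fixed": [], "unknown-train": []}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and comments
        host, fw = (field.strip() for field in line.split(",", 1))
        result[assess(fw)].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    "# hostname,firmware",
    "sw-edge-01,2.5.9.15",
    "sw-edge-02,2.5.9.9",
    "sw-edge-03,2.5.9.16",
    "sw-core-01,3.3.0.15",
    "sw-core-02,3.3.0.16",
    "sw-lab-01,1.4.11.5",
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices reported as `unknown-train` are not safe by default: they are the ones the version check cannot vouch for, which for an EOL model means no patch exists and the exposure of the web interface itself has to be reviewed.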