Cisco Products Multiple Vulnerabilities
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.
Note:
The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.
Cisco will not release firmware updates for the products already entered end-of-life process.
Impact
- Denial of Service
- Remote Code Execution
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- 250 Series Smart Switches
- 350 Series Managed Switches
- 350X Series Stackable Managed Switches
- 550X Series Stackable Managed Switches
- Business 250 Series Smart Switches
- Business 350 Series Managed Switches
Below affected products already entered end-of-life process:
- Small Business 200 Series Smart Switches
- Small Business 300 Series Managed Switches
- Small Business 500 Series Stackable Managed Switches
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Vulnerability Identifier
- CVE-2023-20024
- CVE-2023-20156
- CVE-2023-20157
- CVE-2023-20158
- CVE-2023-20159
- CVE-2023-20160
- CVE-2023-20161
- CVE-2023-20162
- CVE-2023-20189
沒有留言:
發佈留言