Secure Identities

Critical Cisco Series Switch Vulnerabilities: Mitigation and Recommendations

Posted on September 6, 2023


Multiple vulnerabilities have been identified in the web-based user interface of certain Cisco Series Switches that could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Cisco has labelled these vulnerabilities as critical, and they should be remediated as quickly as possible. The attack could be achieved by running arbitrary code with root privileges on an affected device.

Impact & Assessment

Due to the nature of a buffer overflow, the impact has the potential to be vast and extremely disruptive. A buffer overflow attempt is when an attacker sends data to a program, which stores it in an undersized memory allocation. The result is that information in memory (the stack) is overwritten with crafted code (arbitrary code) supplied by the malicious actor. This data could include a return address pointing to where malware is located and can run.
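The overwrite described above can be seen in a simulated stack frame. This is an added example, not code from the advisory or from Cisco; `struct frame`, `SAFE_RET` and the function names are hypothetical, and the input bytes are constructed. It places an unchecked copy beside a hardened copy that rejects oversized input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define SAFE_RET ((uintptr_t)0x1000) /* constructed stand-in for a valid return address */

/* Simulated stack frame: an undersized buffer with a saved return address after it. */
struct frame {
    unsigned char buf[BUF_SIZE];
    uintptr_t saved_ret;
};

/* Models a copy with no length check against BUF_SIZE. The write is capped at
 * the simulated frame only so that this demo itself stays well-defined. */
static void copy_unchecked(struct frame *f, const unsigned char *data, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, data, len);
}

/* Hardened copy: reject input that does not fit. Returns 0 on success, -1 on reject. */
static int copy_checked(struct frame *f, const unsigned char *data, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->buf, data, len);
    return 0;
}

/* Feeds `len` constructed bytes (0x41) through one of the two copies. Sets
 * *intact to 1 if the saved return address survived; returns the copy's status. */
static int run_copy(int checked, size_t len, int *intact) {
    unsigned char input[sizeof(struct frame)];
    struct frame f;
    int rc = 0;
    memset(input, 0x41, sizeof input);
    memset(&f, 0, sizeof f);
    f.saved_ret = SAFE_RET;
    if (checked) rc = copy_checked(&f, input, len);
    else copy_unchecked(&f, input, len);
    *intact = (f.saved_ret == SAFE_RET);
    return rc;
}

int main(void) {
    int intact, rc = run_copy(0, sizeof(struct frame), &intact);
    printf("unchecked: rc=%d return address intact=%d\n", rc, intact);
    rc = run_copy(1, sizeof(struct frame), &intact);
    printf("checked:   rc=%d return address intact=%d\n", rc, intact);
    return 0;
}
```

The hardened copy rejects the input outright instead of truncating it, so a caller can log and drop the oversized request.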

Mitigation & Recommendations

MITIGATIONS
Cisco has released patches for the Cisco 250 series; however, the other versions have entered their end-of-life phase.

If Atech manages your Cisco appliances, there will be an update to the released software to ensure protection from any such attempt.
 
RECOMMENDATIONS
If Atech doesn’t manage your Cisco 250 appliances, please refer to the Cisco website to pull down the latest patch software and install it as per the change control process.

Should you have any of the Cisco series devices detailed in the affected versions deployed on your network, it is advised that an upgrade is considered.

Affected Versions

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Business 250 Series Smart Switches
  • Business 350 Series Managed Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches
