Detections
Analytics
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities (cisco-sa-sg-web-multi-S9g4Nkgv)
critical Nessus Plugin ID 176111
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwe27386, CSCwe27393, CSCwe27394, CSCwe27403, CSCwe27424, CSCwe27425, CSCwe27441, CSCwe27444, CSCwe27445, CSCwe32312, CSCwe32313, CSCwe32315, CSCwe32318, CSCwe32321, CSCwe32323, CSCwe32326, CSCwe32334, CSCwe32338See Also
http://www.nessus.org/u?618cd4e4
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27386
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27393
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27394
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27403
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27424
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27425
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27441
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27444
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe27445
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32312
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32313
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32315
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32318
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32321
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32323
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe32326
Plugin Details
Severity: Critical
ID: 176111
File Name: cisco-sa-sg-web-multi-S9g4Nkgv.nasl
Version: 1.1
Type: remote
Family: CISCO
Published: 5/19/2023
Updated: 5/22/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-20189
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: x-cpe:/o:cisco:small_business_series_switch, x-cpe:/h:cisco:small_business_series_switch
Required KB Items: Cisco/Small_Business_Router/Version, Cisco/Small_Business_Router/Model
Exploit Ease: No known exploits are available
Patch Publication Date: 5/17/2023
Vulnerability Publication Date: 5/17/2023
Reference Information
CVE: CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158, CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20162, CVE-2023-20189
CISCO-SA: cisco-sa-sg-web-multi-S9g4Nkgv
IAVA: 2023-A-0262
CISCO-BUG-ID: CSCwe27386, CSCwe27393, CSCwe27394, CSCwe27403, CSCwe27424, CSCwe27425, CSCwe27441, CSCwe27444, CSCwe27445, CSCwe32312, CSCwe32313, CSCwe32315, CSCwe32318, CSCwe32321, CSCwe32323, CSCwe32326, CSCwe32334, CSCwe32338