Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-1439

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-24 Mar, 2021 | 20:05
Updated At-08 Nov, 2024 | 23:35
Rejected At-
Credits

Cisco Aironet Access Points FlexConnect Multicast DNS Denial of Service Vulnerability

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:24 Mar, 2021 | 20:05
Updated At:08 Nov, 2024 | 23:35
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco Aironet Access Points FlexConnect Multicast DNS Denial of Service Vulnerability

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Aironet Access Point Software (IOS XE Controller)
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120
Type: CWE
CWE ID: CWE-120
Description: CWE-120
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx
vendor-advisory
x_refsource_CISCO
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:24 Mar, 2021 | 20:15
Updated At:07 Nov, 2023 | 03:28

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Secondary3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Cisco Systems, Inc.
cisco
>>aironet_access_point_software>>-
cpe:2.3:a:cisco:aironet_access_point_software:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>1100_integrated_services_router>>-
cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_1540>>-
cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_1560>>-
cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_1800>>-
cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_2800>>-
cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_3800>>-
cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>aironet_4800>>-
cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>catalyst_9100>>-
cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>catalyst_iw6300>>-
cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>esw6300>>-
cpe:2.3:h:cisco:esw6300:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>catalyst_9800_firmware>>Versions from 17.1(inclusive) to 17.3.3(exclusive)
cpe:2.3:o:cisco:catalyst_9800_firmware:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>catalyst_9800>>-
cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primaryykramarz@cisco.com
CWE ID: CWE-120
Type: Primary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMxykramarz@cisco.com
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

160Records found
CVE-2022-20915
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.08% / 24.55%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 20:43
Updated-01 Nov, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-115
Misinterpretation of Input
CWE ID-CWE-436
Interpretation Conflict
CVE-2020-3465
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 28.45%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:53
Updated-13 Nov, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vg400ir_11011100-8p1109-2p4431_integrated_services_router9800-clcsr_1000v9800-lios_xe4221_integrated_services_routeresr6300isrv4331_integrated_services_router1101-4p4461_integrated_services_router1109-4p1111x-8p1100-4p1100_terminal_services_gatewaysCisco IOS XE Software 16.8.1
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3552
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-13 Nov, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability

A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562icatalyst_9800-laironet_1830eaironet_1850eaironet_1542dcatalyst_9800-40aironet_access_point_softwareaironet_1562daironet_3800ebusiness_access_pointsaccess_pointsaironet_3800iaironet_1840aironet_1562eaironet_1850icatalyst_9800-l-caironet_2800iaironet_1542icatalyst_9800-claironet_3800pcatalyst_9800-80catalyst_9800-l-faironet_1830iwireless_lan_controlleraironet_2800eaironet_1815aironet_1810aironet_4800Cisco Aironet Access Point Software
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-3390
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.13% / 33.67%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:02
Updated-19 Dec, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20140
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:36
Updated-31 Jul, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9130axecatalyst_9800-40catalyst_9120axpcatalyst_cw9800h2catalyst_9800-80catalyst_9800-lcatalyst_cw9800mcatalyst_9130axicatalyst_9800-cl_wireless_controllers_for_cloudcatalyst_9115axicatalyst_9117axicatalyst_9120axecatalyst_9105axicatalyst_cw9800h1catalyst_9115axecatalyst_9120axiCisco IOS XE Software
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2025-20141
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 16:12
Updated-06 Aug, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_55a2-mod-hd-sncs_5508ncs_55a2-mod-se-sncs_540-12z20g-sys-ancs_540-fh-csr-sysncs_540x-8z16g-sys-dncs_55a1-24hncs_57c1-48q6-sysncs_540x-16z8q2c-dncs_540-6z14s-sys-dncs_540x-acc-sysios_xrncs_540x-6z18g-sys-ancs_55a1-48q6hncs_540x-8z16g-sys-ancs_5502-sencs_5516ncs_540x-6z18g-sys-dncs_57b1-6d24-sysncs_540x-16z4g8q2c-ancs_5502ncs_540x-12z16g-sys-dncs_540-6z18g-sys-ancs_540-24z8q2c-sysncs_55a2-mod-sncs_540-12z20g-sys-dncs_540-fh-aggncs_540x-12z16g-sys-ancs_540-24q2c2dd-sysncs_540x-4z14g2q-dncs_55a1-36hncs_57c3-mod-sysncs_55a1-36h-sencs_55a1-24q6h-sncs_540-24q8l2dd-sysncs_540-28z4c-sys-dncs_540x-16z4g8q2c-dncs_5504ncs_540x-4z14g2q-ancs_540-acc-sysncs_5501-sencs_540-6z18g-sys-dncs_540-28z4c-sys-ancs_57d2-18dd-sysncs_57b1-5dse-sysncs_5501ncs_55a1-24q6h-ssCisco IOS XR Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-20202
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.02% / 3.69%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:35
Updated-08 Jul, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access point (AP) Cisco Discovery Protocol (CDP) neighbor reports when they are processed by the wireless controller. An attacker could exploit this vulnerability by sending a crafted CDP packet to an AP. A successful exploit could allow the attacker to cause an unexpected reload of the wireless controller that is managing the AP, resulting in a DoS condition that affects the wireless network.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20189
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:35
Updated-05 Aug, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_903Cisco IOS XE Software
CWE ID-CWE-762
Mismatched Memory Management Routines
CVE-2025-20111
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.04% / 12.51%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 16:11
Updated-26 Feb, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 3000 and 9000 Series Switches Layer 2 Ethernet Denial of Service Vulnerability

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco NX-OS Software
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2025-20191
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.01% / 1.88%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:18
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Cisco Products Denial of Service Vulnerability

A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco NX-OS SoftwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2022-20769
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:45
Updated-06 Nov, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8540_wireless_lan_controllervirtual_wireless_controller2504_wireless_lan_controller5520_wireless_lan_controller3504_wireless_lan_controllerflex_75105508_wireless_lan_controllerwireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20684
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.11% / 30.80%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. This vulnerability is due to a lack of input validation of the information used to generate an SNMP trap related to a wireless client connection event. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0257
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.36%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 20:00
Updated-29 Nov, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition. Cisco Bug IDs: CSCvg73687.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xeCisco cBR Series Converged Broadband Routers
CWE ID-CWE-399
Not Available
CVE-2023-20089
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.11% / 29.76%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 00:00
Updated-25 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_93108tc-exnexus_9332d-gx2bnx-osnexus_9372pxnexus_9364c-gxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_9336pq_aci_spinenexus_93108tc-ex-24nexus_9408nexus_9372tx-enexus_93108tc-fx3pnexus_93108tc-fxnexus_93360yc-fx2nexus_9364d-gx2anexus_9396txnexus_93180yc-fx3snexus_9332cnexus_9364cnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9348gc-fxpnexus_9808nexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_93216tc-fx2nexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_9348d-gx2anexus_93180yc-exnexus_93600cd-gxnexus_9000vnexus_9372px-enexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS System Software in ACI Mode
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-20169
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.07% / 20.91%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 18:19
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3548nexus_34200yc-smnexus_3172tqnx-osnexus_9508nexus_9408nexus_9504nexus_3048nexus_3524-xlnexus_3548-xlnexus_31128pqnexus_3132q-vnexus_3164qnexus_3172pqnexus_3172tq-32tnexus_92348gc-xnexus_3132c-znexus_3524-xnexus_31108tc-vnexus_3464cnexus_9232enexus_36180yc-rnexus_3264c-enexus_3264qnexus_3548-xnexus_3132q-xlnexus_3432d-snexus_3172tq-xlnexus_3408-snexus_34180ycnexus_3232nexus_31108pc-vnexus_9516nexus_3172pq-xlnexus_3524Cisco NX-OS Software
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20067
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.06% / 18.45%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-1268
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.12% / 32.37%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_1001ios_xrncs_1002Cisco IOS XR Software
CWE ID-CWE-1076
Insufficient Adherence to Expected Conventions
CVE-2020-3577
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 28.45%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:40
Updated-13 Nov, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability

A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation when Ethernet frames are processed. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker do either of the following: Fill the /ngfw partition on the device: A full /ngfw partition could result in administrators being unable to log in to the device (including logging in through the console port) or the device being unable to boot up correctly. Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cause a process crash: The process crash would cause the device to reload. No manual intervention is necessary to recover the device after the reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1597
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 18:35
Updated-07 Nov, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-video_surveillance_7530pd_firmwarevideo_surveillance_7530pdvideo_surveillance_7070video_surveillance_7070_firmwareCisco Video Surveillance 7000 Series IP Cameras
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-1596
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 18:35
Updated-07 Nov, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-video_surveillance_7530pd_firmwarevideo_surveillance_7530pdvideo_surveillance_7070video_surveillance_7070_firmwareCisco Video Surveillance 7000 Series IP Cameras
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-1131
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:20
Updated-12 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. The vulnerability is due to missing checks when Cisco Discovery Protocol messages are processed. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected IP camera. A successful exploit could allow the attacker to cause the affected IP camera to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-video_surveillance_8030_ip_camera_firmwarevideo_surveillance_8070_ip_camera_firmwarevideo_surveillance_8400_ip_cameravideo_surveillance_8020_ip_cameravideo_surveillance_8000p_ip_cameravideo_surveillance_8000p_ip_camera_firmwarevideo_surveillance_8930_speed_dome_ip_cameravideo_surveillance_8070_ip_cameravideo_surveillance_8630_ip_cameravideo_surveillance_8930_speed_dome_ip_camera_firmwarevideo_surveillance_8620_ip_cameravideo_surveillance_8620_ip_camera_firmwarevideo_surveillance_8400_ip_camera_firmwarevideo_surveillance_8020_ip_camera_firmwarevideo_surveillance_8030_ip_cameravideo_surveillance_8630_ip_camera_firmwareCisco Video Surveillance 8000 Series IP Cameras
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1308
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.68%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:05
Updated-08 Nov, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv134w_firmwarerv160w_firmwarerv160_firmwarerv345p_firmwarerv260w_firmwarerv340w_firmwarerv132w_firmwarerv160wrv260rv260wrv340wrv132wrv260prv345_firmwarerv340rv260p_firmwarerv134wrv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3206
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.13% / 33.68%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.10.1
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3511
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 28.45%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 17:51
Updated-13 Nov, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability

A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr1001-hx-rfasr1002-hx-rf4331\/k9-ws_integrated_services_router1100-6g_integrated_services_routerasr1002-x4331\/k9_integrated_services_router4351\/k9_integrated_services_router1160_integrated_services_router4351\/k9-ws_integrated_services_router1100-4gltena_integrated_services_router1109-2p_integrated_services_router1100_integrated_services_router1100-lte_integrated_services_router4461_integrated_services_routerasr1001-xasr_1000-xasr_1002csr1000vasr_10041109_integrated_services_router111x_integrated_services_router1120_integrated_services_router4351\/k9-rf_integrated_services_router4321\/k9-ws_integrated_services_routerasr1001-x-rf1100-4g_integrated_services_router1111x_integrated_services_routerasr1002-x-rfasr_10134321\/k9-rf_integrated_services_router1101-4p_integrated_services_router4431_integrated_services_routerasr1001-x-wsasr_1001asr1002-hx1100-4p_integrated_services_routerios_xeasr1001-hx1111x-8p_integrated_services_routerasr_10061100-8p_integrated_services_router1109-4p_integrated_services_routerasr1002-x-wsasr_1001-xasr1002-hx-ws1101_integrated_services_router1100-4gltegb_integrated_services_router4331\/k9-rf_integrated_services_routerasr_1002-x4321\/k9_integrated_services_router422_integrated_services_routerCisco IOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34780
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.15%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:45
Updated-07 Nov, 2024 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-business_220-8t-e-2gbusiness_220-24p-4xbusiness_220-48t-4x_firmwarebusiness_220-16t-2g_firmwarebusiness_220-8t-e-2g_firmwarebusiness_220-16p-2g_firmwarebusiness_220-16p-2gbusiness_220-24t-4gbusiness_220-24p-4gbusiness_220-8fp-e-2gbusiness_220-24t-4g_firmwarebusiness_220-48p-4x_firmwarebusiness_220-48fp-4x_firmwarebusiness_220-24fp-4g_firmwarebusiness_220-48t-4g_firmwarebusiness_220-48t-4xbusiness_220-24fp-4x_firmwarebusiness_220-8p-e-2g_firmwarebusiness_220-24p-4x_firmwarebusiness_220-48p-4gbusiness_220-24t-4xbusiness_220-24p-4g_firmwarebusiness_220-48t-4gbusiness_220-48p-4xbusiness_220-24t-4x_firmwarebusiness_220-24fp-4xbusiness_220-16t-2gbusiness_220-48p-4g_firmwarebusiness_220-8fp-e-2g_firmwarebusiness_220-48fp-4xbusiness_220-24fp-4gbusiness_220-8p-e-2gCisco Small Business 200 Series Smart Switches
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34778
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.69%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:45
Updated-07 Nov, 2024 | 21:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-business_220-8t-e-2gbusiness_220-24p-4xbusiness_220-48t-4x_firmwarebusiness_220-16t-2g_firmwarebusiness_220-8t-e-2g_firmwarebusiness_220-16p-2g_firmwarebusiness_220-16p-2gbusiness_220-24t-4gbusiness_220-24p-4gbusiness_220-8fp-e-2gbusiness_220-24t-4g_firmwarebusiness_220-48p-4x_firmwarebusiness_220-48fp-4x_firmwarebusiness_220-24fp-4g_firmwarebusiness_220-48t-4g_firmwarebusiness_220-48t-4xbusiness_220-24fp-4x_firmwarebusiness_220-8p-e-2g_firmwarebusiness_220-24p-4x_firmwarebusiness_220-48p-4gbusiness_220-24t-4xbusiness_220-24p-4g_firmwarebusiness_220-48t-4gbusiness_220-48p-4xbusiness_220-24t-4x_firmwarebusiness_220-24fp-4xbusiness_220-16t-2gbusiness_220-48p-4g_firmwarebusiness_220-8fp-e-2g_firmwarebusiness_220-48fp-4xbusiness_220-24fp-4gbusiness_220-8p-e-2gCisco Small Business 200 Series Smart Switches
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34727
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.05%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:26
Updated-07 Nov, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-4451-x_integrated_services_routerasr_1001-x_r1160_integrated_services_routerasr_1002-hxasr_1000_series_route_processor_\(rp2\)asr_1000_series_route_processor_\(rp3\)1100_integrated_services_router1109-2p_integrated_services_routerasr_1001-hx_r4331_integrated_services_router4461_integrated_services_routerasr_1002-hx_rasr_1002-x_rasr_1000-xasr_1009-xasr_1000-esp100asr_1002ios_xe_sd-wan4000_integrated_services_router1000_integrated_services_router1109_integrated_services_routerasr_1004111x_integrated_services_router1120_integrated_services_routerasr_1006-x1111x_integrated_services_routerasr_10134321_integrated_services_routerasr_10231101-4p_integrated_services_router4431_integrated_services_routerasr_10011100-4p_integrated_services_routerasr_1000csr_1000v1100-4g\/6g_integrated_services_router4221_integrated_services_router1111x-8p_integrated_services_routerasr_1000_seriesasr_10061100-8p_integrated_services_router1109-4p_integrated_services_routerasr_1001-x1101_integrated_services_routerasr_1001-hx4451_integrated_services_routerasr_1002-x4351_integrated_services_router422_integrated_services_routerCisco IOS XE SD-WAN Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20451
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.89%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:48
Updated-23 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1493
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.5||HIGH
EPSS-0.62% / 69.19%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:31
Updated-08 Nov, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1379
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:42
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IP Phones with Multiplatform FirmwareCisco Session Initiation Protocol (SIP) SoftwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-12655
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.22% / 78.27%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-19 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.16.8S
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34779
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.15%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:45
Updated-07 Nov, 2024 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-business_220-8t-e-2gbusiness_220-24p-4xbusiness_220-48t-4x_firmwarebusiness_220-16t-2g_firmwarebusiness_220-8t-e-2g_firmwarebusiness_220-16p-2g_firmwarebusiness_220-16p-2gbusiness_220-24t-4gbusiness_220-24p-4gbusiness_220-8fp-e-2gbusiness_220-24t-4g_firmwarebusiness_220-48p-4x_firmwarebusiness_220-48fp-4x_firmwarebusiness_220-24fp-4g_firmwarebusiness_220-48t-4g_firmwarebusiness_220-48t-4xbusiness_220-24fp-4x_firmwarebusiness_220-8p-e-2g_firmwarebusiness_220-24p-4x_firmwarebusiness_220-48p-4gbusiness_220-24t-4xbusiness_220-24p-4g_firmwarebusiness_220-48t-4gbusiness_220-48p-4xbusiness_220-24t-4x_firmwarebusiness_220-24fp-4xbusiness_220-16t-2gbusiness_220-48p-4g_firmwarebusiness_220-8fp-e-2g_firmwarebusiness_220-48fp-4xbusiness_220-24fp-4gbusiness_220-8p-e-2gCisco Small Business 200 Series Smart Switches
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20162
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20157
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20024
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.61% / 68.85%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20158
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20007
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 46.72%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:40
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-20189
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-4.30% / 88.42%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20159
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.34% / 86.78%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20160
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.34% / 86.78%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20161
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.34% / 86.78%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20032
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-8.04% / 91.75%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 15:24
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

Action-Not Available
Vendor-stormshieldClamAVCisco Systems, Inc.
Product-clamavstormshield_network_securityweb_security_appliancesecure_endpointsecure_endpoint_private_cloudCisco Secure Web ApplianceCisco Secure EndpointCisco Secure Endpoint Private Cloud Administration Portal
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6366
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-90.09% / 99.56%
||
7 Day CHG~0.00%
Published-18 Aug, 2016 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-14||Apply updates per vendor instructions.

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pix_firewall_506pix_firewall_515e7613-scatalyst_6504-epix_firewall_535catalyst_6509-v-ecatalyst_6500-easa_1000v_cloud_firewall_softwarecatalyst_6509-easa_5505asa_5555-xasa_5506-xasa_5512-xcatalyst_6503-e7606-spix_firewall_525pix_firewall_506easa_5585-xasa_5550pix_firewall_520asa_5525-xasa_5545-xpix_firewall_501catalyst_6513asa_5580catalyst_6513-ecatalyst_6500asa_5500_csc-ssmasa_5500pix_firewall_softwareasa_5516-xasa_5510adaptive_security_appliance_softwareasa_5508-xasa_5520asa_5506h-xcatalyst_6509-neb-aasa_5540pix_firewall_5157604asa_5515-x7609-scatalyst_6506-easa_5500-xasa_5506w-xn/aAdaptive Security Appliance (ASA)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3264
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.14% / 35.23%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 15:35
Updated-15 Nov, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Solution Buffer Overflow Vulnerability

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_cloud_routervedge_20001100-4g_integrated_services_routervedge_100m1100-6g_integrated_services_routervmanage_network_management_systemvedge_5000vsmart_controllersd-wan_firmwarevedge_1001100-4gltegb_integrated_services_routervedge_100wmvedge_10001100-4gltena_integrated_services_routervedge_100bCisco SD-WAN Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20267
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.41% / 60.65%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:15
Updated-28 Aug, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition. Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nx-osCisco NX-OS Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20454
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.55%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:47
Updated-25 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20450
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.55%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:46
Updated-23 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phonessmall_business_ip_phone_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-20115
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.22% / 45.04%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 16:11
Updated-01 Aug, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20892
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.84%
||
7 Day CHG+0.12%
Published-21 Jul, 2022 | 03:52
Updated-01 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20846
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 75.74%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:32
Updated-05 Aug, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Cisco Discovery Protocol Buffer Overflow Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow, which could cause the Cisco Discovery Protocol process to reload on the device. The bytes that can be written in the buffer overflow are restricted, which limits remote code execution.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found