Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-20900

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-21 Jul, 2022 | 03:51
Updated At-06 Nov, 2024 | 16:09
Rejected At-
Credits

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:21 Jul, 2022 | 03:51
Updated At:06 Nov, 2024 | 16:09
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Small Business RV Series Router Firmware
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120
Type: CWE
CWE ID: CWE-120
Description: CWE-120
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK
vendor-advisory
x_refsource_CISCO
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:22 Jul, 2022 | 04:15
Updated At:07 Nov, 2023 | 03:43

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Cisco Systems, Inc.
cisco
>>rv215w_firmware>>1.3.1.7
cpe:2.3:o:cisco:rv215w_firmware:1.3.1.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>rv215w>>-
cpe:2.3:h:cisco:rv215w:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>rv130w_firmware>>1.3.1.7
cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>rv130w>>-
cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>rv130_firmware>>1.3.1.7
cpe:2.3:o:cisco:rv130_firmware:1.3.1.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>rv130>>-
cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>rv110w_firmware>>1.3.1.7
cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>rv110w>>-
cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE-120Secondaryykramarz@cisco.com
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAKykramarz@cisco.com
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

400Records found
CVE-2021-1191
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1168
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.31% / 53.48%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1186
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1213
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1211
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1176
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:35
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1341
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1195
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1346
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:40
Updated-08 Nov, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1324
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:42
Updated-08 Nov, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1190
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1212
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1162
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1188
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1329
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1326
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:42
Updated-08 Nov, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1314
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1343
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:40
Updated-08 Nov, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1340
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1192
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1307
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:45
Updated-12 Nov, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1197
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1217
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110w_wireless-n_vpn_firewall_firmwarerv215w_wireless-n_vpn_router_firmwarerv130w_wireless-n_multifunction_vpn_routerrv110w_wireless-n_vpn_firewallrv130w_wireless-n_multifunction_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1159
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:37
Updated-12 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1248
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.83%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:10
Updated-12 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager SQL Injection Vulnerabilities

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-1187
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1318
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.67% / 70.37%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:55
Updated-08 Nov, 2024 | 23:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1334
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1554
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.74% / 71.99%
||
7 Day CHG~0.00%
Published-22 May, 2021 | 06:40
Updated-08 Nov, 2024 | 23:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wap131wap351_firmwarewap351wap125_firmwarewap581wap125wap361wap581_firmwarewap131_firmwarewap150wap150_firmwarewap361_firmwareCisco Business Wireless Access Point Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-3143
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-2.63% / 85.12%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:25
Updated-13 Nov, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_mx300_firmwarewebex_board_70_firmwaretelepresence_mx700webex_board_70webex_board_55s_firmwarewebex_room_55ex90telepresence_mx200ex60_firmwaretelepresence_mx800_firmwarewebex_dx80webex_dx70webex_board_55telepresence_mx700_firmwarewebex_room_55_firmwareex90_firmwaretelepresence_codec_c60_firmwaretelepresence_mx800webex_room_70webex_board_55_firmwarewebex_board_85stelepresence_codec_c90sx20_firmwaretelepresence_codec_c90_firmwaretelepresence_codec_c60telepresence_codec_c40webex_dx70_firmwarewebex_dx80_firmwaresx80webex_board_85s_firmwaretelepresence_codec_c40_firmwaresx10_firmwaresx20ex60webex_room_70_firmwarewebex_board_70s_firmwaretelepresence_mx300sx80_firmwaretelepresence_mx200_firmwarewebex_board_55swebex_board_70ssx10Cisco TelePresence TC Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3212
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-1.81% / 82.09%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:41
Updated-15 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.11.1
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-20478
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.84%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 16:30
Updated-01 Aug, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerCisco Application Policy Infrastructure Controller (APIC)application_policy_infrastructure_controller
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-20156
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20157
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20159
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.34% / 86.78%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20161
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.34% / 86.78%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20168
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 18:07
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_34200yc-smnexus_56128pnexus_3172tqnx-osnexus_9508nexus_6000nexus_6004nexus_9408mds_9140mds_9506mds_9250inexus_3548-xlnexus_31128pqnexus_3132q-vnexus_6001pnexus_3164qnexus_92348gc-xnexus_3172tq-32tmds_9200nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_5648qmds_9000mds_9718nexus_3464cmds_9700mds_9148smds_9513nexus_9232enexus_36180yc-rmds_9148tnexus_5500nexus_5672upmds_9132tnexus_3264qnexus_1000_virtual_edgenexus_3432d-snexus_7004nexus_34180ycnexus_3232mds_9509nexus_31108pc-vmds_9706nexus_5596upnexus_7009nexus_3524mds_9216nexus_3548mds_9500mds_9216anexus_7018nexus_5696qmds_9100mds_9148nexus_3048nexus_9504nexus_6001nexus_3524-xlmds_9396tnexus_7000nexus_7010mds_9396snexus_3172pqnexus_5548upmds_9222inexus_1000vmds_9216inexus_5596tnexus_3264c-enexus_5624qnexus_3548-xnexus_6004xnexus_3132q-xlmds_9710nexus_3172tq-xlnexus_3408-snexus_6001tnexus_9516mds_9134nexus_3172pq-xlnexus_5600nexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20024
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.61% / 68.85%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20162
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20160
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-3.34% / 86.78%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20158
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20032
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.84% / 91.62%
||
7 Day CHG-0.20%
Published-16 Feb, 2023 | 15:24
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

Action-Not Available
Vendor-stormshieldClamAVCisco Systems, Inc.
Product-clamavstormshield_network_securityweb_security_appliancesecure_endpointsecure_endpoint_private_cloudCisco Secure Web ApplianceCisco Secure EndpointCisco Secure Endpoint Private Cloud Administration Portal
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20189
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-4.30% / 88.43%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-28 Oct, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsg500xg8f8tbusiness_250-16t-2g_firmwaresg250-10p_firmwaresf500-24mp_firmwaresf250-08hp_firmwaresf250-10p_firmwaresf250-26sg250x-24p_firmwarebusiness_350-16p-2gsf250x-48p_firmwaresf250-26_firmwarebusiness_250-48p-4xsg200-26sg250-18sg500-28sg350x-24mpsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwarebusiness_350-8fp-e-2gsf200-24_firmwaresg550xg-8f8t_firmwarebusiness_250-48t-4xsg350xg-24tsf200e-24sg550xg-48t_firmwaresf350-48psg550xg-48tsg500x-24psf250-08_firmwarebusiness_350-48t-4gsf300-24mp_firmwaresf550x-24mp_firmwaresf200e-24psg350x-24mp_firmwaresg350-28sf250-26p_firmwaresf550x-48p_firmwaresg200-10fpbusiness_350-16fp-2gbusiness_350-8fp-2g_firmwarebusiness_350-16p-e-2gsf200e-48sg500x24mppsg250-50hp_firmwaresg350x-12pmvsg250-24business_250-8p-e-2g_firmwarebusiness_350-24s-4gsg350x-24business_350-24fp-4xbusiness_350-8mp-2xbusiness_350-48p-4gbusiness_350-8fp-e-2g_firmwaresf350-28mpsf550x-48_firmwaresg250x-24sg550xg-8f8tsf250-50psg250-24p_firmwaresg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg350-10p_firmwaresg355-10psg200-50psg200-26fp_firmwaresg350-10psg250-50psg300-52psf500-18p_firmwaresf350-20_firmwarebusiness_350-16xts_firmwarebusiness_350-12xssg250-26hpsf352-08_firmwaresg250x-48p_firmwarebusiness_250-16p-2gsf352-08mpsg350x-24pv_firmwaresf500-24p_firmwarebusiness_250-16p-2g_firmwarebusiness_350-8fp-2gbusiness_350-8p-e-2gsf200e-48psg500x-48mp_firmwarebusiness_250-8p-e-2gbusiness_250-24t-4x_firmwaresg300-10sfpsf500-24mpsg300-28_firmwarebusiness_250-8t-e-2gsf500-24psf200-24p_firmwaresf302-08ppsf300-48sg350xg-48t_firmwaresg250-26sg300-10sfp_firmwarebusiness_250-8pp-e-2g_firmwaresf550x-48mp_firmwaresf350-52sg250x-48sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsf250-08hpbusiness_250-48t-4g_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48pbusiness_350-24fp-4x_firmwaresg350xg-24f_firmwaresg500x-24mpp_firmwarebusiness_350-24xtsbusiness_250-24p-4xsg300-28mpsf350-24mpsf250-24_firmwaresg350-28mpsf302-08sg350x-48sg300-28pp_firmwarebusiness_350-24mgp-4x_firmwaresg350-10mp_firmwaresf302-08mpp_firmwarebusiness_350-8xt_firmwarebusiness_250-8pp-e-2gsf500-48mpsg300-52p_firmwaresg300-10psf550x-24p_firmwarebusiness_350-24p-4xsg300-10mp_firmwaresg200-08p_firmwaresf200-24fp_firmwarebusiness_350-12xs_firmwaresg550x-24business_350-24p-4gsf300-08sf350-52psf250x-24_firmwarebusiness_350-16xtsbusiness_350-8s-e-2gsf350-48_firmwaresg250-10psg200-08business_250-8pp-dsg250-50_firmwaresf250-10psg350xg-2f10_firmwaresf250x-24p_firmwaresf250-50_firmwaresg250-08sg350-28psg250-26hp_firmwarebusiness_350-8xtbusiness_250-48t-4gbusiness_350-24xs_firmwaresf200e48p_firmwaresf200e-24p_firmwaresg350xg-48tbusiness_350-48t-4x_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-8pmdsg350x-48psf200e-48p_firmwaresg500x-24business_350-24xt_firmwarebusiness_250-16t-2gsf350-10sfp_firmwarebusiness_350-48ngp-4x_firmwaresg350-10_firmwarebusiness_350-12np-4x_firmwaresf350-52p_firmwaresg250x-48psg500x-24p_firmwaresg250-48sg550x-24p_firmwarebusiness_350-16t-e-2g_firmwaresf200-24fpsg500xg-8f8t_firmwarebusiness_250-24pp-4gbusiness_250-48p-4gsf300-24psg250-48hp_firmwaresg550xg-24t_firmwaresg550x-48t_firmwarebusiness_250-24t-4g_firmwaresf302-08mppsg500-52ppsf250-48_firmwaresg350x-48p_firmwarebusiness_350-24xtsg300-28mp_firmwaresf550x-24mpbusiness_350-48fp-4x_firmwarebusiness_350-8t-e-2gsg250-50hpsg550x-24mpp_firmwaresg200-18business_350-24p-4g_firmwaresg250-48hpbusiness_350-24t-4xsg350xg-24fsg500x-48mpsf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwaresf350-28psf350-8pdbusiness_350-48ngp-4xsf355-10p_firmwarebusiness_350-8t-e-2g_firmwaresf300-24pp_firmwarebusiness_350-24fp-4g_firmwarebusiness_250-8t-e-2g_firmwarebusiness_250-8fp-e-2g_firmwarebusiness_350-12xtsf250-24psf250-08sg300-10p_firmwaresf350-10psg250-18_firmwaresg300-52_firmwaresf350-24pbusiness_350-48fp-4xbusiness_250-48pp-4g_firmwarebusiness_350-8s-e-2g_firmwaresg300-52sg250x-24psg500x-48sg200-26_firmwaresf200e48pbusiness_250-8pp-d_firmwaresf350-24sg300-20sg500-28psg500-52pp_firmwaresg550x-48tsg350x-48_firmwaresg250-24psf200-48sf350-24mp_firmwaresf350-52mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresg550x-48mp_firmwaresf350-48sf350-52mpsf300-24_firmwaresf300-48psf350-10sfpsf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pbusiness_250-24fp-4g_firmwarebusiness_250-8t-d_firmwaresf250-24business_250-48p-4g_firmwaresf300-24ppsg550x-48pbusiness_250-24fp-4x_firmwaresf250-50hpsg350x-48mp_firmwaresg550xg-24f_firmwaresg250x-24_firmwaresf350-8mpbusiness_350-24mgp-4xbusiness_350-24xssg350x-12pmv_firmwaresg355-10mpsf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwaresf350-24_firmwaresg200-50business_250-48pp-4gsg300-52mpsf250x-24psf250x-48pbusiness_350-48t-4g_firmwaresf200-48p_firmwaresf352-08sg500-28pp_firmwarebusiness_350-24t-4x_firmwarebusiness_350-48fp-4g_firmwaresf250-48business_350-12np-4xbusiness_350-8p-2g_firmwaresg300-20_firmwaresf350-28sfp_firmwaresf250x-24business_350-24fp-4gsf500-48sg200-50fpsg550x-24_firmwaresg250x-48_firmwaresg500-28mppbusiness_350-16p-2g_firmwaresf350-8pd_firmwaresg250-50p_firmwaresf350-48p_firmwarebusiness_350-24xts_firmwaresf350-10mp_firmwaresg355-10mp_firmwarebusiness_350-8p-2gsg350x-24pd_firmwarebusiness_250-24pp-4g_firmwaresf350-08sf250-50sg350-28p_firmwaresg350xg-2f10sg500xg8f8t_firmwaresg350x-8pmd_firmwarebusiness_250-24p-4g_firmwaresf250-26hpbusiness_350-48p-4xbusiness_350-24s-4g_firmwaresg350-10mpbusiness_350-16t-2gsg250-24_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28business_350-8mgp-2xsf200e-24_firmwarebusiness_350-12xt_firmwarebusiness_250-24fp-4xsf350-48mp_firmwaresg350-28mp_firmwarebusiness_350-24ngp-4xsf200-24sf250-26psg500-28ppsg500x-48pbusiness_350-48xt-4x_firmwaresg250-26_firmwaresf200e-48_firmwarebusiness_350-24ngp-4x_firmwaresg355-10p_firmwaresg500x-48mppsg500x-48p_firmwarebusiness_350-24p-4x_firmwaresg550x-24mp_firmwaresg200-18_firmwarebusiness_350-8mgp-2x_firmwaresf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg250-48_firmwarebusiness_250-8fp-e-2gsg300-10mpsf350-28_firmwaresf350-10p_firmwaresf250-18sf352-08psg300-10ppsf500-18psf350-8mp_firmwarebusiness_350-24t-4gbusiness_350-8p-e-2g_firmwaresg500x-48mpp_firmwaresf350-28p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg300-28sg350x-24pdsg200-10fp_firmwaresg550xg-24fbusiness_350-48p-4x_firmwaresg250-08hpbusiness_250-24p-4x_firmwaresf250x-48sg550x-24mpsg350-10business_350-8mp-2x_firmwaresf300-24p_firmwaresg550x-48mpbusiness_350-16p-e-2g_firmwaresg200-50fp_firmwarebusiness_250-24p-4gsg250-26psg300-10pp_firmwaresf500-24sf550x-24psg300-10sf352-08p_firmwaresf300-48p_firmwaresf350-48mpbusiness_350-16t-2g_firmwaresg250-50sg300-10mppbusiness_350-24t-4g_firmwaresg300-28psg350x-24pvbusiness_250-24t-4xsf300-24sf200-48psg200-26psg550x-24pbusiness_250-8t-dbusiness_250-24fp-4gsg200-08_firmwaresg350x-48mpbusiness_350-48t-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresg250-08_firmwaresf300-24mpbusiness_250-24t-4gsg350x-24psf350-52_firmwarebusiness_250-48t-4x_firmwaresf350-28sfpbusiness_250-48p-4x_firmwaresf302-08pp_firmwaresf250-48hpbusiness_350-16t-e-2gsg500x-48_firmwaresg200-50_firmwaresg250-26p_firmwaresf300-08_firmwarebusiness_350-48xt-4xsf250-50p_firmwarebusiness_350-16fp-2g_firmwarebusiness_350-48p-4g_firmwaresf500-24_firmwaresf350-08_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf355-10pbusiness_350-48fp-4gsg300-28p_firmwareCisco Small Business Smart and Managed Switches 550x_series_stackable_managed_switches_firmware250_series_smart_switches_firmwaresmall_business_500_series_stackable_managed_switches_firmwarebusiness_350_series_managed_switches_firmwaresmall_business_200_series_smart_switches_firmwaresmall_business_300_series_managed_switches_firmwarebusiness_250_series_smart_switches_firmware350x_series_stackable_managed_switches_firmware350_series_managed_switches_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20846
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 75.74%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:32
Updated-05 Aug, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Cisco Discovery Protocol Buffer Overflow Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow, which could cause the Cisco Discovery Protocol process to reload on the device. The bytes that can be written in the buffer overflow are restricted, which limits remote code execution.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20451
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.88%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:48
Updated-23 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phones
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-6366
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-90.09% / 99.56%
||
7 Day CHG~0.00%
Published-18 Aug, 2016 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-14||Apply updates per vendor instructions.

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pix_firewall_506pix_firewall_515e7613-scatalyst_6504-epix_firewall_535catalyst_6509-v-ecatalyst_6500-easa_1000v_cloud_firewall_softwarecatalyst_6509-easa_5505asa_5555-xasa_5506-xasa_5512-xcatalyst_6503-e7606-spix_firewall_525pix_firewall_506easa_5585-xasa_5550pix_firewall_520asa_5525-xasa_5545-xpix_firewall_501catalyst_6513asa_5580catalyst_6513-ecatalyst_6500asa_5500_csc-ssmasa_5500pix_firewall_softwareasa_5516-xasa_5510adaptive_security_appliance_softwareasa_5508-xasa_5520asa_5506h-xcatalyst_6509-neb-aasa_5540pix_firewall_5157604asa_5515-x7609-scatalyst_6506-easa_5500-xasa_5506w-xn/aAdaptive Security Appliance (ASA)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20450
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.56%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:46
Updated-23 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa_501g_firmwarespa_509g_firmwarespa_514g_4-line_ip_phonespa_508g_firmwarespa_301_1_line_ip_phonespa_525g2_5-line_ip_phonespa_303_3_line_ip_phonespa_514g_firmwarespa_525g2_firmwarespa_508g_8-line_ip_phonespa_301_firmwarespa_512g_firmwarespa_504g_4-line_ip_phonespa_303_firmwarespa_502g_1-line_ip_phonespa_504g_firmwarespa_525g_5-line_ip_phonespa_502g_firmwarespa_501g_8-line_ip_phonespa_509g_12-line_ip_phonespa_512g_1-line_ip_phonespa_525g_firmwareCisco Small Business IP Phonessmall_business_ip_phone_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20313
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 20:42
Updated-09 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-20267
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.41% / 60.66%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:15
Updated-28 Aug, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition. Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nx-osCisco NX-OS Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34727
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.06%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:26
Updated-07 Nov, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-4451-x_integrated_services_routerasr_1001-x_r1160_integrated_services_routerasr_1002-hxasr_1000_series_route_processor_\(rp2\)asr_1000_series_route_processor_\(rp3\)1100_integrated_services_router1109-2p_integrated_services_routerasr_1001-hx_r4331_integrated_services_router4461_integrated_services_routerasr_1002-hx_rasr_1002-x_rasr_1000-xasr_1009-xasr_1000-esp100asr_1002ios_xe_sd-wan4000_integrated_services_router1000_integrated_services_router1109_integrated_services_routerasr_1004111x_integrated_services_router1120_integrated_services_routerasr_1006-x1111x_integrated_services_routerasr_10134321_integrated_services_routerasr_10231101-4p_integrated_services_router4431_integrated_services_routerasr_10011100-4p_integrated_services_routerasr_1000csr_1000v1100-4g\/6g_integrated_services_router4221_integrated_services_router1111x-8p_integrated_services_routerasr_1000_seriesasr_10061100-8p_integrated_services_router1109-4p_integrated_services_routerasr_1001-x1101_integrated_services_routerasr_1001-hx4451_integrated_services_routerasr_1002-x4351_integrated_services_router422_integrated_services_routerCisco IOS XE SD-WAN Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • 8
  • Next
Details not found