Cisco has released security updates to address multiple critical vulnerabilities (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161 and CVE-2023-20189) in their Small Business Series Switches. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
The vulnerabilities are:
- CVE-2023-20159: A stack buffer overflow vulnerability that may allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on an affected device.
- CVE-2023-20160: A BSS buffer overflow vulnerability that may allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on an affected device.
- CVE-2023-20161 and CVE-2023-20189: An unauthenticated stack buffer overflow vulnerability that may allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on an affected device.
The vulnerabilities affect the following product versions:
Users and administrators of affected product versions are advised to update to the latest versions immediately.
More information is available here: