Description
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv
Scores
CVSS v3
8.6
EPSS
0.0048
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-120
Status
published
Products (50)
cisco/business_250-16p-2g_firmware
cisco/business_250-16t-2g_firmware
cisco/business_250-24fp-4g_firmware
cisco/business_250-24fp-4x_firmware
cisco/business_250-24p-4g_firmware
cisco/business_250-24p-4x_firmware
cisco/business_250-24pp-4g_firmware
cisco/business_250-24t-4g_firmware
cisco/business_250-24t-4x_firmware
cisco/business_250-48p-4g_firmware
... and 40 more
Published
May 18, 2023
Tracked Since
Feb 18, 2026