Cisco reveals exploit code is publicly available for critical switch vulnerabilities
Attackers could target UI vulnerabilities in Cisco switches to execute malicious code
Cisco has released patches for nine vulnerabilities impacting its small business network switches and said that exploit code has been spotted in the wild.
The vulnerabilities have been found in the user interface (UI) of Cisco Small Business Series switches and could be exploited by attackers to execute arbitrary code on a victim’s switch, or cause a denial of service (DoS) on a business’ network.
Four of the nine vulnerabilities were rated ‘critical’ on the CVSSv3 severity scale, each receiving a near-maximum score of 9.8.
The remaining flaws received scores between 7.5 and 8.6.
The critical flaws - tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 - stem from improper validation of requests sent through the web-based UI for the switches, which could allow an attacker to run malicious code via custom requests.
Five high-risk flaws also stem from the same UI issue and allow for individual devices to become subject to a DoS.
It’s recommended that affected organizations install the fixes as quickly as possible given the potential security risk and that exploit code exists online. There are no known workarounds that can mitigate the vulnerabilities.
Cisco did not indicate whether successful attacks have already taken place.
RELATED RESOURCE
Quantifying the public vulnerability market: 2022 edition
An analysis of vulnerability disclosures, impact severity, and product analysis
A number of Cisco’s Smart Switches, Series Managed Switches, and Series Stackable Switches are affected by the flaws with a full list available on the company’s official advisory.
Its 220 and Business 220 Series Smart Switches were found to be unaffected.
Cisco said it will not be releasing updates for the Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, or Small Business 500 Series Stackable Managed Switches as all of these products have gone end of life (EOL) and are no longer supported by updates.
EOL notices for the relevant products were published in 2018 and 2019, with businesses having had the years since to move away from the soon-to-be-obsolete switches.
Given the prevalence of Cisco’s hardware in organizations’ networks worldwide, critical vulnerabilities of this kind should be taken seriously and patched as soon as possible.
Cisco small business switches have faced security challenges in the past, with three major vulnerabilities having been found in 2019, a year that also saw the networking and enterprise cyber security firm wrangle with a flaw known as Thrangycat.
Coupled with another flaw, Thrangycat could be used to bypass Cisco’s TAm security controls and remotely seize control of a router or potentially compromise an entire network.
-
OpenAI's 'Skills in Codex' service aims to supercharge agent efficiency for developersNews The Skills in Codex service will provide users with a package of handy instructions and scripts to tweak and fine-tune agents for specific tasks.
-
Cloud infrastructure spending hit $102.6 billion in Q3 2025News Hyperscalers are increasingly offering platform-level capabilities that support multi-model deployment and the reliable operation of AI agents
-
Two Fortinet vulnerabilities are being exploited in the wild – patch nowNews Arctic Wolf and Rapid7 said security teams should act immediately to mitigate the Fortinet vulnerabilities
-
Cisco says Chinese hackers are exploiting an unpatched AsyncOS zero-day flaw – here's what we know so farNews The zero-day vulnerability affects Cisco's Secure Email Gateway and Secure Email and Web Manager appliances – here's what we know so far.
-
Everything you need to know about Google and Apple’s emergency zero-day patchesNews A serious zero-day bug was spotted in Chrome systems that impacts Apple users too, forcing both companies to issue emergency patches
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Cisco ASA customers urged to take immediate action as NCSC, CISA issue critical vulnerability warningsNews Cisco customers are urged to upgrade and secure systems immediately
