
Cisco Discloses RCE Vulnerabilities in Switches with Proof of Exploit Code

Cisco has warned customers about four significant remote code execution vulnerabilities in a range of its Small Business Series Switches. The flaws have drawn attention because public exploit code has surfaced.

All four flaws carry very high severity ratings, with CVSS base scores reaching 9.8 out of 10. Successful exploitation lets an unauthenticated attacker execute arbitrary code on a compromised device with root privileges.

The four vulnerabilities, CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189, stem from inadequate validation of requests sent to the web interfaces of the targeted switches.

An attacker can exploit an affected device by sending crafted requests through its web-based user interface. The attacks are of relatively low complexity and require no user interaction.

The vulnerabilities are independent of each other: exploiting one does not rely on exploiting another.

A particular software release can also be affected by one of these vulnerabilities without being affected by the others.

The Affected Cisco Switches

Cisco has fixed the critical vulnerabilities in firmware version 2.5.9.16 for the 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, and 550X Series Stackable Managed Switches.

For the Business 250 Series Smart Switches and Business 350 Series Managed Switches, the fix is in firmware version 3.3.0.16.

Cisco will not release a patch for the Small Business 300 and 200 Series Managed Switches or the Small Business 500 Series Stackable Managed Switches. These devices have already reached end of life, so no firmware updates will be provided to address the vulnerabilities.
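The fixed releases and end-of-life series listed above can be turned into an inventory check. The following is an added example, not Cisco's tooling: the series labels and inventory rows are constructed, and it assumes firmware versions are dotted numbers that compare component by component, with later releases keeping the fix.

```python
# Added example: the series labels and inventory rows are constructed for
# illustration; only the fixed firmware versions and the end-of-life series
# come from the article.
FIXED_IN = {
    "250": "2.5.9.16",
    "350": "2.5.9.16",
    "350X": "2.5.9.16",
    "550X": "2.5.9.16",
    "Business 250": "3.3.0.16",
    "Business 350": "3.3.0.16",
}
END_OF_LIFE = {"Small Business 200", "Small Business 300", "Small Business 500"}


def parse_version(text):
    """Turn '2.5.9.16' into (2, 5, 9, 16); raises ValueError on anything else."""
    return tuple(int(part) for part in text.strip().split("."))


def triage(series, firmware):
    """Classify one switch by series label and running firmware version."""
    if series in END_OF_LIFE:
        return "eol-no-fix"  # no patch will be released for these series
    fixed = FIXED_IN.get(series)
    if fixed is None:
        return "not-listed"
    try:
        running = parse_version(firmware)
    except ValueError:
        return "unknown-version"  # treat as unverified, not as safe
    # Numeric comparison: as strings, "2.5.9.2" would sort after "2.5.9.16".
    return "fixed" if running >= parse_version(fixed) else "upgrade-required"


def triage_inventory(rows):
    """Map each host in (host, series, firmware) rows to its triage status."""
    return {host: triage(series, fw) for host, series, fw in rows}


# Constructed sample inventory.
INVENTORY = [
    ("sw-floor1", "350", "2.5.9.2"),
    ("sw-core", "550X", "2.5.9.16"),
    ("sw-branch", "Business 250", "3.2.1.1"),
    ("sw-lab", "Small Business 300", "1.4.11.5"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

Because a release can be affected by one of the four flaws and not the others, `upgrade-required` means the device is below the fixed release, not that every CVE applies to it.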

Cisco's Product Security Incident Response Team (PSIRT) has warned that proof-of-concept exploit code exists for these security flaws, which raises the risk that threat actors will create their own exploits and target vulnerable devices with exposed remote access.

The PSIRT has not yet found evidence of active attempts to exploit these vulnerabilities in real-world attacks.

In addition, Cisco is addressing a cross-site scripting (XSS) vulnerability discovered in its Prime Collaboration Deployment (PCD) server management tool, thanks to a report from Pierre Vivegnis of NATO's Cyber Security Centre (NCSC).

Recently, a joint advisory released by the United States, the United Kingdom, and Cisco also highlighted the activities of APT28, a Russian military hacking group.

The advisory specifically mentioned the deployment of customized ‘Jaguar Tooth’ malware on Cisco IOS routers, enabling unauthorized access to compromised devices without authentication.


