1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Cisco is patching some small business router bugs, so patch now

    From TechnologyDaily@1337:1/100 to All on Fri May 19 10:30:03 2023
    Cisco is patching some small business router bugs, so patch now

    Date:
    Fri, 19 May 2023 09:17:10 +0000

    Description:
    Vulnerabilities in SMB-targeted hardware could allow hackers to remotely hijack your kit, Cisco warns.

    FULL STORY ======================================================================

    Cisco says it has fixed four high-severity vulnerabilities which could have allowed threat actors to remotely hijack network switches for small businesses.

    In a security advisory published by the companys Product Security Incident Response Team (PSIRT), hackers could abuse flaws in the web user interface to run arbitrary code with root privileges. The flaws in question are tracked as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189, all with
    a 9.8 severity rating.

    "An attacker could exploit this vulnerability by sending a crafted request through the web-based user interface," Cisco stated. "A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device." Multiple devices affected

    The list of vulnerable devices includes the 250 Series smart switches, 350 Series managed switches, and 350X Series and 550X stackable managed switches. To fix the flaws, IT teams are advised to bring their firmware up to version 2.5.9.16. There is no workaround for the flaws, Cisco said, so the only way
    to truly stay safe is to apply the patch.

    Small Business 200 Series smart switches, Small Business 300 Series managed switches, and Small Business 500 Series stackable managed switches are also said to be affected by the flaws, but as these are reaching end-of-life,
    Cisco wont be releasing a patch. Businesses using these endpoints are advised to migrate to a newer model. Read more

    How cross-site scripting attacks work


    Cisco says its server management tool has a serious security flaw


    Here are the best malware removal tools

    Businesses with service contracts that include software updates will receive the fixes through the usual update channels, Cisco said. Businesses with
    valid Cisco or third-party licenses will have their gear patched through maintenance upgrades, it was added.

    While the company claims theres no evidence of these flaws being used in the wild, it did say that a proof-of-concept exists. As such, its just a matter
    of time before hackers start exploiting the vulnerabilities.

    The flaws were discovered by an external researcher, Cisco concluded. These are the best endpoint protection tools around

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/cisco-is-patching-some-small-business-router-bu gs-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)