CVE-2023-20189

8.6 HIGH

Remote Code Execution Denial of Service Buffer Overflow

📋 TL;DR

Multiple vulnerabilities in Cisco Small Business Series Switches web interface allow unauthenticated remote attackers to cause denial of service or execute arbitrary code with root privileges. Affected devices are Cisco Small Business Series Switches with vulnerable firmware versions. Attackers can exploit these vulnerabilities without authentication by sending specially crafted requests to the web interface.

💻 Affected Systems

Products:

• Cisco Small Business Series Switches

Versions: Specific versions listed in Cisco advisory

Operating Systems: Cisco IOS-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Web interface must be enabled (default on many models).

📦 What is this software?

Business 250 16p 2g Firmware by Cisco

View all CVEs affecting Business 250 16p 2g Firmware →

Business 250 16t 2g Firmware by Cisco

View all CVEs affecting Business 250 16t 2g Firmware →

Business 250 24fp 4g Firmware by Cisco

View all CVEs affecting Business 250 24fp 4g Firmware →

Business 250 24fp 4x Firmware by Cisco

View all CVEs affecting Business 250 24fp 4x Firmware →

Business 250 24p 4g Firmware by Cisco

View all CVEs affecting Business 250 24p 4g Firmware →

Business 250 24p 4x Firmware by Cisco

View all CVEs affecting Business 250 24p 4x Firmware →

Business 250 24pp 4g Firmware by Cisco

View all CVEs affecting Business 250 24pp 4g Firmware →

Business 250 24t 4g Firmware by Cisco

View all CVEs affecting Business 250 24t 4g Firmware →

Business 250 24t 4x Firmware by Cisco

View all CVEs affecting Business 250 24t 4x Firmware →

Business 250 48p 4g Firmware by Cisco

View all CVEs affecting Business 250 48p 4g Firmware →

Business 250 48p 4x Firmware by Cisco

View all CVEs affecting Business 250 48p 4x Firmware →

Business 250 48pp 4g Firmware by Cisco

View all CVEs affecting Business 250 48pp 4g Firmware →

Business 250 48t 4g Firmware by Cisco

View all CVEs affecting Business 250 48t 4g Firmware →

Business 250 48t 4x Firmware by Cisco

View all CVEs affecting Business 250 48t 4x Firmware →

Business 250 8fp E 2g Firmware by Cisco

View all CVEs affecting Business 250 8fp E 2g Firmware →

Business 250 8p E 2g Firmware by Cisco

View all CVEs affecting Business 250 8p E 2g Firmware →

Business 250 8pp D Firmware by Cisco

View all CVEs affecting Business 250 8pp D Firmware →

Business 250 8pp E 2g Firmware by Cisco

View all CVEs affecting Business 250 8pp E 2g Firmware →

Business 250 8t D Firmware by Cisco

View all CVEs affecting Business 250 8t D Firmware →

Business 250 8t E 2g Firmware by Cisco

View all CVEs affecting Business 250 8t E 2g Firmware →

Business 350 12np 4x Firmware by Cisco

View all CVEs affecting Business 350 12np 4x Firmware →

Business 350 12xs Firmware by Cisco

View all CVEs affecting Business 350 12xs Firmware →

Business 350 12xt Firmware by Cisco

View all CVEs affecting Business 350 12xt Firmware →

Business 350 16fp 2g Firmware by Cisco

View all CVEs affecting Business 350 16fp 2g Firmware →

Business 350 16p 2g Firmware by Cisco

View all CVEs affecting Business 350 16p 2g Firmware →

Business 350 16p E 2g Firmware by Cisco

View all CVEs affecting Business 350 16p E 2g Firmware →

Business 350 16t 2g Firmware by Cisco

View all CVEs affecting Business 350 16t 2g Firmware →

Business 350 16t E 2g Firmware by Cisco

View all CVEs affecting Business 350 16t E 2g Firmware →

Business 350 16xts Firmware by Cisco

View all CVEs affecting Business 350 16xts Firmware →

Business 350 24fp 4g Firmware by Cisco

View all CVEs affecting Business 350 24fp 4g Firmware →

Business 350 24fp 4x Firmware by Cisco

View all CVEs affecting Business 350 24fp 4x Firmware →

Business 350 24mgp 4x Firmware by Cisco

View all CVEs affecting Business 350 24mgp 4x Firmware →

Business 350 24ngp 4x Firmware by Cisco

View all CVEs affecting Business 350 24ngp 4x Firmware →

Business 350 24p 4g Firmware by Cisco

View all CVEs affecting Business 350 24p 4g Firmware →

Business 350 24p 4x Firmware by Cisco

View all CVEs affecting Business 350 24p 4x Firmware →

Business 350 24s 4g Firmware by Cisco

View all CVEs affecting Business 350 24s 4g Firmware →

Business 350 24t 4g Firmware by Cisco

View all CVEs affecting Business 350 24t 4g Firmware →

Business 350 24t 4x Firmware by Cisco

View all CVEs affecting Business 350 24t 4x Firmware →

Business 350 24xs Firmware by Cisco

View all CVEs affecting Business 350 24xs Firmware →

Business 350 24xt Firmware by Cisco

View all CVEs affecting Business 350 24xt Firmware →

Business 350 24xts Firmware by Cisco

View all CVEs affecting Business 350 24xts Firmware →

Business 350 48fp 4g Firmware by Cisco

View all CVEs affecting Business 350 48fp 4g Firmware →

Business 350 48fp 4x Firmware by Cisco

View all CVEs affecting Business 350 48fp 4x Firmware →

Business 350 48ngp 4x Firmware by Cisco

View all CVEs affecting Business 350 48ngp 4x Firmware →

Business 350 48p 4g Firmware by Cisco

View all CVEs affecting Business 350 48p 4g Firmware →

Business 350 48p 4x Firmware by Cisco

View all CVEs affecting Business 350 48p 4x Firmware →

Business 350 48t 4g Firmware by Cisco

View all CVEs affecting Business 350 48t 4g Firmware →

Business 350 48t 4x Firmware by Cisco

View all CVEs affecting Business 350 48t 4x Firmware →

Business 350 48xt 4x Firmware by Cisco

View all CVEs affecting Business 350 48xt 4x Firmware →

Business 350 8fp 2g Firmware by Cisco

View all CVEs affecting Business 350 8fp 2g Firmware →

Business 350 8fp E 2g Firmware by Cisco

View all CVEs affecting Business 350 8fp E 2g Firmware →

Business 350 8mgp 2x Firmware by Cisco

View all CVEs affecting Business 350 8mgp 2x Firmware →

Business 350 8mp 2x Firmware by Cisco

View all CVEs affecting Business 350 8mp 2x Firmware →

Business 350 8p 2g Firmware by Cisco

View all CVEs affecting Business 350 8p 2g Firmware →

Business 350 8p E 2g Firmware by Cisco

View all CVEs affecting Business 350 8p E 2g Firmware →

Business 350 8s E 2g Firmware by Cisco

View all CVEs affecting Business 350 8s E 2g Firmware →

Business 350 8t E 2g Firmware by Cisco

View all CVEs affecting Business 350 8t E 2g Firmware →

Business 350 8xt Firmware by Cisco

View all CVEs affecting Business 350 8xt Firmware →

Sf200 24 Firmware by Cisco

View all CVEs affecting Sf200 24 Firmware →

Sf200 24fp Firmware by Cisco

View all CVEs affecting Sf200 24fp Firmware →

Sf200 24p Firmware by Cisco

View all CVEs affecting Sf200 24p Firmware →

Sf200 48 Firmware by Cisco

View all CVEs affecting Sf200 48 Firmware →

Sf200 48p Firmware by Cisco

View all CVEs affecting Sf200 48p Firmware →

Sf200e 24 Firmware by Cisco

View all CVEs affecting Sf200e 24 Firmware →

Sf200e 24p Firmware by Cisco

View all CVEs affecting Sf200e 24p Firmware →

Sf200e 48 Firmware by Cisco

View all CVEs affecting Sf200e 48 Firmware →

Sf200e 48p Firmware by Cisco

View all CVEs affecting Sf200e 48p Firmware →

Sf200e48p Firmware by Cisco

View all CVEs affecting Sf200e48p Firmware →

Sf250 08 Firmware by Cisco

View all CVEs affecting Sf250 08 Firmware →

Sf250 08hp Firmware by Cisco

View all CVEs affecting Sf250 08hp Firmware →

Sf250 10p Firmware by Cisco

View all CVEs affecting Sf250 10p Firmware →

Sf250 18 Firmware by Cisco

View all CVEs affecting Sf250 18 Firmware →

Sf250 24 Firmware by Cisco

View all CVEs affecting Sf250 24 Firmware →

Sf250 24p Firmware by Cisco

View all CVEs affecting Sf250 24p Firmware →

Sf250 26 Firmware by Cisco

View all CVEs affecting Sf250 26 Firmware →

Sf250 26hp Firmware by Cisco

View all CVEs affecting Sf250 26hp Firmware →

Sf250 26p Firmware by Cisco

View all CVEs affecting Sf250 26p Firmware →

Sf250 48 Firmware by Cisco

View all CVEs affecting Sf250 48 Firmware →

Sf250 48hp Firmware by Cisco

View all CVEs affecting Sf250 48hp Firmware →

Sf250 50 Firmware by Cisco

View all CVEs affecting Sf250 50 Firmware →

Sf250 50hp Firmware by Cisco

View all CVEs affecting Sf250 50hp Firmware →

Sf250 50p Firmware by Cisco

View all CVEs affecting Sf250 50p Firmware →

Sf250x 24 Firmware by Cisco

View all CVEs affecting Sf250x 24 Firmware →

Sf250x 24p Firmware by Cisco

View all CVEs affecting Sf250x 24p Firmware →

Sf250x 48 Firmware by Cisco

View all CVEs affecting Sf250x 48 Firmware →

Sf250x 48p Firmware by Cisco

View all CVEs affecting Sf250x 48p Firmware →

Sf300 08 Firmware by Cisco

View all CVEs affecting Sf300 08 Firmware →

Sf300 24 Firmware by Cisco

View all CVEs affecting Sf300 24 Firmware →

Sf300 24mp Firmware by Cisco

View all CVEs affecting Sf300 24mp Firmware →

Sf300 24p Firmware by Cisco

View all CVEs affecting Sf300 24p Firmware →

Sf300 24pp Firmware by Cisco

View all CVEs affecting Sf300 24pp Firmware →

Sf300 48 Firmware by Cisco

View all CVEs affecting Sf300 48 Firmware →

Sf300 48p Firmware by Cisco

View all CVEs affecting Sf300 48p Firmware →

Sf300 48pp Firmware by Cisco

View all CVEs affecting Sf300 48pp Firmware →

Sf302 08 Firmware by Cisco

View all CVEs affecting Sf302 08 Firmware →

Sf302 08mpp Firmware by Cisco

View all CVEs affecting Sf302 08mpp Firmware →

Sf302 08pp Firmware by Cisco

View all CVEs affecting Sf302 08pp Firmware →

Sf350 08 Firmware by Cisco

View all CVEs affecting Sf350 08 Firmware →

Sf350 10 Firmware by Cisco

View all CVEs affecting Sf350 10 Firmware →

Sf350 10mp Firmware by Cisco

View all CVEs affecting Sf350 10mp Firmware →

Sf350 10p Firmware by Cisco

View all CVEs affecting Sf350 10p Firmware →

Sf350 10sfp Firmware by Cisco

View all CVEs affecting Sf350 10sfp Firmware →

Sf350 20 Firmware by Cisco

View all CVEs affecting Sf350 20 Firmware →

Sf350 24 Firmware by Cisco

View all CVEs affecting Sf350 24 Firmware →

Sf350 24mp Firmware by Cisco

View all CVEs affecting Sf350 24mp Firmware →

Sf350 24p Firmware by Cisco

View all CVEs affecting Sf350 24p Firmware →

Sf350 28 Firmware by Cisco

View all CVEs affecting Sf350 28 Firmware →

Sf350 28mp Firmware by Cisco

View all CVEs affecting Sf350 28mp Firmware →

Sf350 28p Firmware by Cisco

View all CVEs affecting Sf350 28p Firmware →

Sf350 28sfp Firmware by Cisco

View all CVEs affecting Sf350 28sfp Firmware →

Sf350 48 Firmware by Cisco

View all CVEs affecting Sf350 48 Firmware →

Sf350 48mp Firmware by Cisco

View all CVEs affecting Sf350 48mp Firmware →

Sf350 48p Firmware by Cisco

View all CVEs affecting Sf350 48p Firmware →

Sf350 52 Firmware by Cisco

View all CVEs affecting Sf350 52 Firmware →

Sf350 52mp Firmware by Cisco

View all CVEs affecting Sf350 52mp Firmware →

Sf350 52p Firmware by Cisco

View all CVEs affecting Sf350 52p Firmware →

Sf350 8mp Firmware by Cisco

View all CVEs affecting Sf350 8mp Firmware →

Sf350 8pd Firmware by Cisco

View all CVEs affecting Sf350 8pd Firmware →

Sf352 08 Firmware by Cisco

View all CVEs affecting Sf352 08 Firmware →

Sf352 08mp Firmware by Cisco

View all CVEs affecting Sf352 08mp Firmware →

Sf352 08p Firmware by Cisco

View all CVEs affecting Sf352 08p Firmware →

Sf355 10p Firmware by Cisco

View all CVEs affecting Sf355 10p Firmware →

Sf500 18p Firmware by Cisco

View all CVEs affecting Sf500 18p Firmware →

Sf500 24 Firmware by Cisco

View all CVEs affecting Sf500 24 Firmware →

Sf500 24mp Firmware by Cisco

View all CVEs affecting Sf500 24mp Firmware →

Sf500 24p Firmware by Cisco

View all CVEs affecting Sf500 24p Firmware →

Sf500 48 Firmware by Cisco

View all CVEs affecting Sf500 48 Firmware →

Sf500 48mp Firmware by Cisco

View all CVEs affecting Sf500 48mp Firmware →

Sf500 48p Firmware by Cisco

View all CVEs affecting Sf500 48p Firmware →

Sf550x 24 Firmware by Cisco

View all CVEs affecting Sf550x 24 Firmware →

Sf550x 24mp Firmware by Cisco

View all CVEs affecting Sf550x 24mp Firmware →

Sf550x 24p Firmware by Cisco

View all CVEs affecting Sf550x 24p Firmware →

Sf550x 48 Firmware by Cisco

View all CVEs affecting Sf550x 48 Firmware →

Sf550x 48mp Firmware by Cisco

View all CVEs affecting Sf550x 48mp Firmware →

Sf550x 48p Firmware by Cisco

View all CVEs affecting Sf550x 48p Firmware →

Sg200 08 Firmware by Cisco

View all CVEs affecting Sg200 08 Firmware →

Sg200 08p Firmware by Cisco

View all CVEs affecting Sg200 08p Firmware →

Sg200 10fp Firmware by Cisco

View all CVEs affecting Sg200 10fp Firmware →

Sg200 18 Firmware by Cisco

View all CVEs affecting Sg200 18 Firmware →

Sg200 26 Firmware by Cisco

View all CVEs affecting Sg200 26 Firmware →

Sg200 26fp Firmware by Cisco

View all CVEs affecting Sg200 26fp Firmware →

Sg200 26p Firmware by Cisco

View all CVEs affecting Sg200 26p Firmware →

Sg200 50 Firmware by Cisco

View all CVEs affecting Sg200 50 Firmware →

Sg200 50fp Firmware by Cisco

View all CVEs affecting Sg200 50fp Firmware →

Sg200 50p Firmware by Cisco

View all CVEs affecting Sg200 50p Firmware →

Sg250 08 Firmware by Cisco

View all CVEs affecting Sg250 08 Firmware →

Sg250 08hp Firmware by Cisco

View all CVEs affecting Sg250 08hp Firmware →

Sg250 10p Firmware by Cisco

View all CVEs affecting Sg250 10p Firmware →

Sg250 18 Firmware by Cisco

View all CVEs affecting Sg250 18 Firmware →

Sg250 24 Firmware by Cisco

View all CVEs affecting Sg250 24 Firmware →

Sg250 24p Firmware by Cisco

View all CVEs affecting Sg250 24p Firmware →

Sg250 26 Firmware by Cisco

View all CVEs affecting Sg250 26 Firmware →

Sg250 26hp Firmware by Cisco

View all CVEs affecting Sg250 26hp Firmware →

Sg250 26p Firmware by Cisco

View all CVEs affecting Sg250 26p Firmware →

Sg250 48 Firmware by Cisco

View all CVEs affecting Sg250 48 Firmware →

Sg250 48hp Firmware by Cisco

View all CVEs affecting Sg250 48hp Firmware →

Sg250 50 Firmware by Cisco

View all CVEs affecting Sg250 50 Firmware →

Sg250 50hp Firmware by Cisco

View all CVEs affecting Sg250 50hp Firmware →

Sg250 50p Firmware by Cisco

View all CVEs affecting Sg250 50p Firmware →

Sg250x 24 Firmware by Cisco

View all CVEs affecting Sg250x 24 Firmware →

Sg250x 24p Firmware by Cisco

View all CVEs affecting Sg250x 24p Firmware →

Sg250x 48 Firmware by Cisco

View all CVEs affecting Sg250x 48 Firmware →

Sg250x 48p Firmware by Cisco

View all CVEs affecting Sg250x 48p Firmware →

Sg300 10 Firmware by Cisco

View all CVEs affecting Sg300 10 Firmware →

Sg300 10mp Firmware by Cisco

View all CVEs affecting Sg300 10mp Firmware →

Sg300 10mpp Firmware by Cisco

View all CVEs affecting Sg300 10mpp Firmware →

Sg300 10p Firmware by Cisco

View all CVEs affecting Sg300 10p Firmware →

Sg300 10pp Firmware by Cisco

View all CVEs affecting Sg300 10pp Firmware →

Sg300 10sfp Firmware by Cisco

View all CVEs affecting Sg300 10sfp Firmware →

Sg300 20 Firmware by Cisco

View all CVEs affecting Sg300 20 Firmware →

Sg300 28 Firmware by Cisco

View all CVEs affecting Sg300 28 Firmware →

Sg300 28mp Firmware by Cisco

View all CVEs affecting Sg300 28mp Firmware →

Sg300 28p Firmware by Cisco

View all CVEs affecting Sg300 28p Firmware →

Sg300 28pp Firmware by Cisco

View all CVEs affecting Sg300 28pp Firmware →

Sg300 28sfp Firmware by Cisco

View all CVEs affecting Sg300 28sfp Firmware →

Sg300 52 Firmware by Cisco

View all CVEs affecting Sg300 52 Firmware →

Sg300 52mp Firmware by Cisco

View all CVEs affecting Sg300 52mp Firmware →

Sg300 52p Firmware by Cisco

View all CVEs affecting Sg300 52p Firmware →

Sg350 10 Firmware by Cisco

View all CVEs affecting Sg350 10 Firmware →

Sg350 10mp Firmware by Cisco

View all CVEs affecting Sg350 10mp Firmware →

Sg350 10p Firmware by Cisco

View all CVEs affecting Sg350 10p Firmware →

Sg350 28 Firmware by Cisco

View all CVEs affecting Sg350 28 Firmware →

Sg350 28mp Firmware by Cisco

View all CVEs affecting Sg350 28mp Firmware →

Sg350 28p Firmware by Cisco

View all CVEs affecting Sg350 28p Firmware →

Sg350x 12pmv Firmware by Cisco

View all CVEs affecting Sg350x 12pmv Firmware →

Sg350x 24 Firmware by Cisco

View all CVEs affecting Sg350x 24 Firmware →

Sg350x 24mp Firmware by Cisco

View all CVEs affecting Sg350x 24mp Firmware →

Sg350x 24p Firmware by Cisco

View all CVEs affecting Sg350x 24p Firmware →

Sg350x 24pd Firmware by Cisco

View all CVEs affecting Sg350x 24pd Firmware →

Sg350x 24pv Firmware by Cisco

View all CVEs affecting Sg350x 24pv Firmware →

Sg350x 48 Firmware by Cisco

View all CVEs affecting Sg350x 48 Firmware →

Sg350x 48mp Firmware by Cisco

View all CVEs affecting Sg350x 48mp Firmware →

Sg350x 48p Firmware by Cisco

View all CVEs affecting Sg350x 48p Firmware →

Sg350x 48pv Firmware by Cisco

View all CVEs affecting Sg350x 48pv Firmware →

Sg350x 8pmd Firmware by Cisco

View all CVEs affecting Sg350x 8pmd Firmware →

Sg350xg 24f Firmware by Cisco

View all CVEs affecting Sg350xg 24f Firmware →

Sg350xg 24t Firmware by Cisco

View all CVEs affecting Sg350xg 24t Firmware →

Sg350xg 2f10 Firmware by Cisco

View all CVEs affecting Sg350xg 2f10 Firmware →

Sg350xg 48t Firmware by Cisco

View all CVEs affecting Sg350xg 48t Firmware →

Sg355 10mp Firmware by Cisco

View all CVEs affecting Sg355 10mp Firmware →

Sg355 10p Firmware by Cisco

View all CVEs affecting Sg355 10p Firmware →

Sg500 28 Firmware by Cisco

View all CVEs affecting Sg500 28 Firmware →

Sg500 28mpp Firmware by Cisco

View all CVEs affecting Sg500 28mpp Firmware →

Sg500 28p Firmware by Cisco

View all CVEs affecting Sg500 28p Firmware →

Sg500 28pp Firmware by Cisco

View all CVEs affecting Sg500 28pp Firmware →

Sg500 52p Firmware by Cisco

View all CVEs affecting Sg500 52p Firmware →

Sg500 52pp Firmware by Cisco

View all CVEs affecting Sg500 52pp Firmware →

Sg500x 24 Firmware by Cisco

View all CVEs affecting Sg500x 24 Firmware →

Sg500x 24mpp Firmware by Cisco

View all CVEs affecting Sg500x 24mpp Firmware →

Sg500x 24p Firmware by Cisco

View all CVEs affecting Sg500x 24p Firmware →

Sg500x 48 Firmware by Cisco

View all CVEs affecting Sg500x 48 Firmware →

Sg500x 48mp Firmware by Cisco

View all CVEs affecting Sg500x 48mp Firmware →

Sg500x 48mpp Firmware by Cisco

View all CVEs affecting Sg500x 48mpp Firmware →

Sg500x 48p Firmware by Cisco

View all CVEs affecting Sg500x 48p Firmware →

Sg500x24mpp Firmware by Cisco

View all CVEs affecting Sg500x24mpp Firmware →

Sg500xg 8f8t Firmware by Cisco

View all CVEs affecting Sg500xg 8f8t Firmware →

Sg500xg8f8t Firmware by Cisco

View all CVEs affecting Sg500xg8f8t Firmware →

Sg550x 24 Firmware by Cisco

View all CVEs affecting Sg550x 24 Firmware →

Sg550x 24mp Firmware by Cisco

View all CVEs affecting Sg550x 24mp Firmware →

Sg550x 24mpp Firmware by Cisco

View all CVEs affecting Sg550x 24mpp Firmware →

Sg550x 24p Firmware by Cisco

View all CVEs affecting Sg550x 24p Firmware →

Sg550x 48 Firmware by Cisco

View all CVEs affecting Sg550x 48 Firmware →

Sg550x 48mp Firmware by Cisco

View all CVEs affecting Sg550x 48mp Firmware →

Sg550x 48p Firmware by Cisco

View all CVEs affecting Sg550x 48p Firmware →

Sg550x 48t Firmware by Cisco

View all CVEs affecting Sg550x 48t Firmware →

Sg550xg 24f Firmware by Cisco

View all CVEs affecting Sg550xg 24f Firmware →

Sg550xg 24t Firmware by Cisco

View all CVEs affecting Sg550xg 24t Firmware →

Sg550xg 48t Firmware by Cisco

View all CVEs affecting Sg550xg 48t Firmware →

Sg550xg 8f8t Firmware by Cisco

View all CVEs affecting Sg550xg 8f8t Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full root control of switch, enabling network disruption, data interception, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Attackers cause service disruption through DoS or deploy crypto-miners/ransomware on vulnerable switches.

🟢

If Mitigated

With proper network segmentation and access controls, impact limited to isolated network segments.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Unauthenticated remote exploitation possible via web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Cisco advisory for specific fixed versions

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv

Restart Required: Yes

Instructions:

1. Identify affected switch models and versions. 2. Download fixed firmware from Cisco. 3. Backup configuration. 4. Upload and install new firmware via TFTP/SCP. 5. Reboot switch. 6. Verify firmware version.

🔧 Temporary Workarounds

Disable Web Interface

all

Disable HTTP/HTTPS management interface to prevent exploitation

Copy

no ip http server
no ip http secure-server

Restrict Management Access

all

Limit web interface access to trusted management networks only

Copy

ip http access-class <ACL-NUMBER>
ip http secure-server access-class <ACL-NUMBER>

🧯 If You Can't Patch

• Disable web management interface completely
• Implement strict network segmentation and firewall rules to block external access to management interfaces

🔍 How to Verify

Check if Vulnerable:

Copy

Check switch firmware version against affected versions in Cisco advisory

Check Version:

Copy

show version

Verify Fix Applied:

Copy

Verify firmware version matches or exceeds fixed version from advisory

📡 Detection & Monitoring

Log Indicators:

• Unusual HTTP/HTTPS requests to switch management interface
• Multiple failed login attempts followed by successful access
• Unexpected configuration changes

Network Indicators:

• Unusual outbound connections from switch
• Traffic patterns indicating crypto-mining or C2 communication
• Port scanning originating from switch

SIEM Query:

Copy

source="cisco-switch*" (http.status=200 AND http.method=POST AND http.uri contains "/admin/") OR (event_type="configuration_change" AND user="unknown")

📊 Metadata

CVE ID: CVE-2023-20189

CVSS v3 Score: 8.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE: CWE-120

Published: May 18, 2023

Last Updated: November 21, 2024

🔗 References

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv Vendor Advisory
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-20189, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)

CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)

CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)