Vulnerability in Cisco Small Business Switches

Security problems in Cisco's small business switches are nothing new. Researcher Jasper Adriaanse has identified several vulnerabilities, including some rated high severity, in Cisco's Small Business 220 series smart switches.

The vulnerabilities affect switches that run firmware releases earlier than 1.2.0.6 and have the web-based management interface enabled, which it is by default. In an advisory released a few days ago, Cisco credited Jasper Adriaanse with finding several types of security holes in the switches.
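The affected condition is a combination of two facts: firmware older than the fixed release and the web UI enabled. A practical triage step is to walk an inventory and flag devices that meet both. The following is an added example (not from the post or from Cisco) that does this; it assumes you already have an inventory that records each switch's firmware string and whether its web UI is enabled, and the inventory entries shown are constructed. It compares versions numerically rather than as strings, because a string comparison would rank a hypothetical "1.2.0.10" below "1.2.0.6".

```python
"""Flag Cisco SB220 switches that match the advisory's affected condition:
firmware earlier than 1.2.0.6 AND the web-based management interface enabled.
Added example, not from the post or from Cisco. The inventory below is constructed.
"""

FIXED_RELEASE = "1.2.0.6"  # first fixed firmware release named in the post


def parse_version(version: str) -> tuple:
    """Turn '1.2.0.6' into (1, 2, 0, 6) so comparisons are numeric.

    Any non-digit suffix on a component (for example a build tag) is ignored,
    and a component with no leading digits counts as 0.
    """
    parts = []
    for component in version.strip().split("."):
        digits = ""
        for ch in component:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def cmp_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a < b, a == b or a > b.

    Shorter versions are right-padded with zeros so '1.2.0' compares equal
    to '1.2.0.0' and below '1.2.0.6'.
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(firmware: str, web_ui_enabled: bool) -> bool:
    """True when the device matches the advisory's affected condition."""
    return web_ui_enabled and cmp_versions(firmware, FIXED_RELEASE) < 0


def triage(inventory: list) -> list:
    """Return the hostnames of inventory entries that need attention."""
    return [dev["host"] for dev in inventory if is_affected(dev["firmware"], dev["web_ui"])]


# Constructed inventory (hostnames and firmware strings are made up for the example).
SAMPLE_INVENTORY = [
    {"host": "sw-branch-01", "firmware": "1.1.4.1", "web_ui": True},   # old + exposed
    {"host": "sw-branch-02", "firmware": "1.2.0.6", "web_ui": True},   # on the fixed release
    {"host": "sw-branch-03", "firmware": "1.1.4.1", "web_ui": False},  # old, web UI off
    {"host": "sw-branch-04", "firmware": "1.2.0", "web_ui": True},     # short string, still old
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: firmware below {FIXED_RELEASE} with web UI enabled; upgrade")
```

A switch whose web UI is disabled is not reachable through the vectors described here but still carries the defects, so it should be upgraded to 1.2.0.6 or later along with the rest rather than treated as fixed.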

One of them, tracked as CVE-2021-1542 and rated high severity, can be exploited by a remote, unauthenticated attacker to hijack a user's session and gain access to the switch's web interface. The attacker inherits the privileges of the targeted user, so hijacking an administrator's session yields admin-level access to the management interface.

Another high-severity issue is CVE-2021-1541, which allows a remote attacker with admin permissions on the device to execute arbitrary commands with root privileges on the underlying operating system. Because CVE-2021-1542 can deliver exactly those admin permissions, the two can be chained: hijack an administrator's session, then run commands as root on the switch.

The other two flaws found by the researcher, both classified as medium severity by Cisco, could allow a remote, unauthenticated attacker to launch cross-site scripting (XSS) attacks (CVE-2021-1543) or HTML injection attacks (CVE-2021-1571) against users of the web interface.


I hope this post was helpful; if you have any questions, please feel free to contact me. If you would like to be notified when I create a new post, you can subscribe to my blog alert.

Patrick Domingues
