Cisco is warning that nine significant vulnerabilities in its Small Business Series Switches could enable unauthenticated remote attackers to cause a denial-of-service condition or execute arbitrary code with root privileges on affected devices.<\/p>\n\n\n\n
The vulnerabilities are caused by improper validation of requests sent to the switches’ web interfaces, the company said<\/a>.<\/p>\n\n\n\n While the Cisco Product Security Incident Response Team (PSIRT) says it’s not aware of any malicious use of these flaws, it says proof-of-concept exploit code is available online.<\/p>\n\n\n\n Vulnerable products include 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, Business 250 Series Smart Switches, Business 350 Series Managed Switches, Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, and Small Business 500 Series Stackable Managed Switches.<\/p>\n\n\n\n Despite the severity of the flaws, Cisco says the last three products in the list above won’t be covered by software updates or by workarounds because they’ve entered the end-of-life process. “Cisco has not and will not release firmware updates to address the vulnerabilities described in the advisory for these devices,” the company stated.<\/p>\n\n\n\n Table of Contents<\/p>\n