CVE-2023-20024

18.05.2023, 03:15

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
cisco	business_250-16p-2g_firmware	-
cisco	business_250-16t-2g_firmware	-
cisco	business_250-24fp-4g_firmware	-
cisco	business_250-24fp-4x_firmware	-
cisco	business_250-24p-4g_firmware	-
cisco	business_250-24p-4x_firmware	-
cisco	business_250-24pp-4g_firmware	-
cisco	business_250-24t-4g_firmware	-
cisco	business_250-24t-4x_firmware	-
cisco	business_250-48p-4g_firmware	-
cisco	business_250-48p-4x_firmware	-
cisco	business_250-48pp-4g_firmware	-
cisco	business_250-48t-4g_firmware	-
cisco	business_250-48t-4x_firmware	-
cisco	business_250-8fp-e-2g_firmware	-
cisco	business_250-8p-e-2g_firmware	-
cisco	business_250-8pp-d_firmware	-
cisco	business_250-8pp-e-2g_firmware	-
cisco	business_250-8t-d_firmware	-
cisco	business_250-8t-e-2g_firmware	-
cisco	business_350-12np-4x_firmware	-
cisco	business_350-12xs_firmware	-
cisco	business_350-12xt_firmware	-
cisco	business_350-16fp-2g_firmware	-
cisco	business_350-16p-2g_firmware	-
cisco	business_350-16p-e-2g_firmware	-
cisco	business_350-16t-2g_firmware	-
cisco	business_350-16t-e-2g_firmware	-
cisco	business_350-16xts_firmware	-
cisco	business_350-24fp-4g_firmware	-
cisco	business_350-24fp-4x_firmware	-
cisco	business_350-24mgp-4x_firmware	-
cisco	business_350-24ngp-4x_firmware	-
cisco	business_350-24p-4g_firmware	-
cisco	business_350-24p-4x_firmware	-
cisco	business_350-24s-4g_firmware	-
cisco	business_350-24t-4g_firmware	-
cisco	business_350-24t-4x_firmware	-
cisco	business_350-24xs_firmware	-
cisco	business_350-24xt_firmware	-
cisco	business_350-24xts_firmware	-
cisco	business_350-48fp-4g_firmware	-
cisco	business_350-48fp-4x_firmware	-
cisco	business_350-48ngp-4x_firmware	-
cisco	business_350-48p-4g_firmware	-
cisco	business_350-48p-4x_firmware	-
cisco	business_350-48t-4g_firmware	-
cisco	business_350-48t-4x_firmware	-
cisco	business_350-48xt-4x_firmware	-
cisco	business_350-8fp-2g_firmware	-
cisco	business_350-8fp-e-2g_firmware	-
cisco	business_350-8mgp-2x_firmware	-
cisco	business_350-8mp-2x_firmware	-
cisco	business_350-8p-2g_firmware	-
cisco	business_350-8p-e-2g_firmware	-
cisco	business_350-8s-e-2g_firmware	-
cisco	business_350-8t-e-2g_firmware	-
cisco	business_350-8xt_firmware	-
cisco	sf200-24_firmware	-
cisco	sf200-24fp_firmware	-
cisco	sf200-24p_firmware	-
cisco	sf200-48_firmware	-
cisco	sf200-48p_firmware	-
cisco	sf200e-24_firmware	-
cisco	sf200e-24p_firmware	-
cisco	sf200e-48_firmware	-
cisco	sf200e-48p_firmware	-
cisco	sf200e48p_firmware	-
cisco	sf250-08_firmware	-
cisco	sf250-08hp_firmware	-
cisco	sf250-10p_firmware	-
cisco	sf250-18_firmware	-
cisco	sf250-24_firmware	-
cisco	sf250-24p_firmware	-
cisco	sf250-26_firmware	-
cisco	sf250-26hp_firmware	-
cisco	sf250-26p_firmware	-
cisco	sf250-48_firmware	-
cisco	sf250-48hp_firmware	-
cisco	sf250-50_firmware	-
cisco	sf250-50hp_firmware	-
cisco	sf250-50p_firmware	-
cisco	sf250x-24_firmware	-
cisco	sf250x-24p_firmware	-
cisco	sf250x-48_firmware	-
cisco	sf250x-48p_firmware	-
cisco	sf300-08_firmware	-
cisco	sf300-24_firmware	-
cisco	sf300-24mp_firmware	-
cisco	sf300-24p_firmware	-
cisco	sf300-24pp_firmware	-
cisco	sf300-48_firmware	-
cisco	sf300-48p_firmware	-
cisco	sf300-48pp_firmware	-
cisco	sf302-08_firmware	-
cisco	sf302-08mpp_firmware	-
cisco	sf302-08pp_firmware	-
cisco	sf350-08_firmware	-
cisco	sf350-10_firmware	-
cisco	sf350-10mp_firmware	-
cisco	sf350-10p_firmware	-
cisco	sf350-10sfp_firmware	-
cisco	sf350-20_firmware	-
cisco	sf350-24_firmware	-
cisco	sf350-24mp_firmware	-
cisco	sf350-24p_firmware	-
cisco	sf350-28_firmware	-
cisco	sf350-28mp_firmware	-
cisco	sf350-28p_firmware	-
cisco	sf350-28sfp_firmware	-
cisco	sf350-48_firmware	-
cisco	sf350-48mp_firmware	-
cisco	sf350-48p_firmware	-
cisco	sf350-52_firmware	-
cisco	sf350-52mp_firmware	-
cisco	sf350-52p_firmware	-
cisco	sf350-8mp_firmware	-
cisco	sf350-8pd_firmware	-
cisco	sf352-08_firmware	-
cisco	sf352-08mp_firmware	-
cisco	sf352-08p_firmware	-
cisco	sf355-10p_firmware	-
cisco	sf500-18p_firmware	-
cisco	sf500-24_firmware	-
cisco	sf500-24mp_firmware	-
cisco	sf500-24p_firmware	-
cisco	sf500-48_firmware	-
cisco	sf500-48mp_firmware	-
cisco	sf500-48p_firmware	-
cisco	sf550x-24_firmware	-
cisco	sf550x-24mp_firmware	-
cisco	sf550x-24p_firmware	-
cisco	sf550x-48_firmware	-
cisco	sf550x-48mp_firmware	-
cisco	sf550x-48p_firmware	-
cisco	sg200-08_firmware	-
cisco	sg200-08p_firmware	-
cisco	sg200-10fp_firmware	-
cisco	sg200-18_firmware	-
cisco	sg200-26_firmware	-
cisco	sg200-26fp_firmware	-
cisco	sg200-26p_firmware	-
cisco	sg200-50_firmware	-
cisco	sg200-50fp_firmware	-
cisco	sg200-50p_firmware	-
cisco	sg250-08_firmware	-
cisco	sg250-08hp_firmware	-
cisco	sg250-10p_firmware	-
cisco	sg250-18_firmware	-
cisco	sg250-24_firmware	-
cisco	sg250-24p_firmware	-
cisco	sg250-26_firmware	-
cisco	sg250-26hp_firmware	-
cisco	sg250-26p_firmware	-
cisco	sg250-48_firmware	-
cisco	sg250-48hp_firmware	-
cisco	sg250-50_firmware	-
cisco	sg250-50hp_firmware	-
cisco	sg250-50p_firmware	-
cisco	sg250x-24_firmware	-
cisco	sg250x-24p_firmware	-
cisco	sg250x-48_firmware	-
cisco	sg250x-48p_firmware	-
cisco	sg300-10_firmware	-
cisco	sg300-10mp_firmware	-
cisco	sg300-10mpp_firmware	-
cisco	sg300-10p_firmware	-
cisco	sg300-10pp_firmware	-
cisco	sg300-10sfp_firmware	-
cisco	sg300-20_firmware	-
cisco	sg300-28_firmware	-
cisco	sg300-28mp_firmware	-
cisco	sg300-28p_firmware	-
cisco	sg300-28pp_firmware	-
cisco	sg300-28sfp_firmware	-
cisco	sg300-52_firmware	-
cisco	sg300-52mp_firmware	-
cisco	sg300-52p_firmware	-
cisco	sg350-10_firmware	-
cisco	sg350-10mp_firmware	-
cisco	sg350-10p_firmware	-
cisco	sg350-28_firmware	-
cisco	sg350-28mp_firmware	-
cisco	sg350-28p_firmware	-
cisco	sg350x-12pmv_firmware	-
cisco	sg350x-24_firmware	-
cisco	sg350x-24mp_firmware	-
cisco	sg350x-24p_firmware	-
cisco	sg350x-24pd_firmware	-
cisco	sg350x-24pv_firmware	-
cisco	sg350x-48_firmware	-
cisco	sg350x-48mp_firmware	-
cisco	sg350x-48p_firmware	-
cisco	sg350x-48pv_firmware	-
cisco	sg350x-8pmd_firmware	-
cisco	sg350xg-24f_firmware	-
cisco	sg350xg-24t_firmware	-
cisco	sg350xg-2f10_firmware	-
cisco	sg350xg-48t_firmware	-
cisco	sg355-10mp_firmware	-
cisco	sg355-10p_firmware	-
cisco	sg500-28_firmware	-
cisco	sg500-28mpp_firmware	-
cisco	sg500-28p_firmware	-
cisco	sg500-28pp_firmware	-
cisco	sg500-52p_firmware	-
cisco	sg500-52pp_firmware	-
cisco	sg500x-24_firmware	-
cisco	sg500x-24mpp_firmware	-
cisco	sg500x-24p_firmware	-
cisco	sg500x-48_firmware	-
cisco	sg500x-48mp_firmware	-
cisco	sg500x-48mpp_firmware	-
cisco	sg500x-48p_firmware	-
cisco	sg500x24mpp_firmware	-
cisco	sg500xg-8f8t_firmware	-
cisco	sg500xg8f8t_firmware	-
cisco	sg550x-24_firmware	-
cisco	sg550x-24mp_firmware	-
cisco	sg550x-24mpp_firmware	-
cisco	sg550x-24p_firmware	-
cisco	sg550x-48_firmware	-
cisco	sg550x-48mp_firmware	-
cisco	sg550x-48p_firmware	-
cisco	sg550x-48t_firmware	-
cisco	sg550xg-24f_firmware	-
cisco	sg550xg-24t_firmware	-
cisco	sg550xg-48t_firmware	-
cisco	sg550xg-8f8t_firmware	-

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
cisco	250_series_smart_switches_firmware	𝑥 < 2.5.9.16	ADP
cisco	350_series_managed_switches_firmware	𝑥 < 2.5.9.16	ADP
cisco	350x_series_stackable_managed_switches_firmware	𝑥 < 2.5.9.16	ADP
cisco	550x_series_stackable_managed_switches_firmware	𝑥 < 2.5.9.16	ADP
cisco	business_250_series_smart_switches_firmware	𝑥 < 3.3.0.16	ADP
cisco	business_350_series_managed_switches_firmware	𝑥 < 3.3.0.16	ADP
cisco	small_business_200_series_smart_switches_firmware	𝑥 < *	ADP
cisco	small_business_300_series_managed_switches_firmware	𝑥 < *	ADP
cisco	small_business_500_series_stackable_managed_switches_firmware	𝑥 < *	ADP

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv