CVE-2023-20156

18.05.2023, 03:15

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
cisco	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Vendor	Product	Version
cisco	business_250-16p-2g_firmware	-
cisco	business_250-16t-2g_firmware	-
cisco	business_250-24fp-4g_firmware	-
cisco	business_250-24fp-4x_firmware	-
cisco	business_250-24p-4g_firmware	-
cisco	business_250-24p-4x_firmware	-
cisco	business_250-24pp-4g_firmware	-
cisco	business_250-24t-4g_firmware	-
cisco	business_250-24t-4x_firmware	-
cisco	business_250-48p-4g_firmware	-
cisco	business_250-48p-4x_firmware	-
cisco	business_250-48pp-4g_firmware	-
cisco	business_250-48t-4g_firmware	-
cisco	business_250-48t-4x_firmware	-
cisco	business_250-8fp-e-2g_firmware	-
cisco	business_250-8p-e-2g_firmware	-
cisco	business_250-8pp-d_firmware	-
cisco	business_250-8pp-e-2g_firmware	-
cisco	business_250-8t-d_firmware	-
cisco	business_250-8t-e-2g_firmware	-
cisco	business_350-12np-4x_firmware	-
cisco	business_350-12xs_firmware	-
cisco	business_350-12xt_firmware	-
cisco	business_350-16fp-2g_firmware	-
cisco	business_350-16p-2g_firmware	-
cisco	business_350-16p-e-2g_firmware	-
cisco	business_350-16t-2g_firmware	-
cisco	business_350-16t-e-2g_firmware	-
cisco	business_350-16xts_firmware	-
cisco	business_350-24fp-4g_firmware	-
cisco	business_350-24fp-4x_firmware	-
cisco	business_350-24mgp-4x_firmware	-
cisco	business_350-24ngp-4x_firmware	-
cisco	business_350-24p-4g_firmware	-
cisco	business_350-24p-4x_firmware	-
cisco	business_350-24s-4g_firmware	-
cisco	business_350-24t-4g_firmware	-
cisco	business_350-24t-4x_firmware	-
cisco	business_350-24xs_firmware	-
cisco	business_350-24xt_firmware	-
cisco	business_350-24xts_firmware	-
cisco	business_350-48fp-4g_firmware	-
cisco	business_350-48fp-4x_firmware	-
cisco	business_350-48ngp-4x_firmware	-
cisco	business_350-48p-4g_firmware	-
cisco	business_350-48p-4x_firmware	-
cisco	business_350-48t-4g_firmware	-
cisco	business_350-48t-4x_firmware	-
cisco	business_350-48xt-4x_firmware	-
cisco	business_350-8fp-2g_firmware	-
cisco	business_350-8fp-e-2g_firmware	-
cisco	business_350-8mgp-2x_firmware	-
cisco	business_350-8mp-2x_firmware	-
cisco	business_350-8p-2g_firmware	-
cisco	business_350-8p-e-2g_firmware	-
cisco	business_350-8s-e-2g_firmware	-
cisco	business_350-8t-e-2g_firmware	-
cisco	business_350-8xt_firmware	-
cisco	sf200-24_firmware	-
cisco	sf200-24fp_firmware	-
cisco	sf200-24p_firmware	-
cisco	sf200-48_firmware	-
cisco	sf200-48p_firmware	-
cisco	sf200e-24_firmware	-
cisco	sf200e-24p_firmware	-
cisco	sf200e-48_firmware	-
cisco	sf200e-48p_firmware	-
cisco	sf200e48p_firmware	-
cisco	sf250-08_firmware	-
cisco	sf250-08hp_firmware	-
cisco	sf250-10p_firmware	-
cisco	sf250-18_firmware	-
cisco	sf250-24_firmware	-
cisco	sf250-24p_firmware	-
cisco	sf250-26_firmware	-
cisco	sf250-26hp_firmware	-
cisco	sf250-26p_firmware	-
cisco	sf250-48_firmware	-
cisco	sf250-48hp_firmware	-
cisco	sf250-50_firmware	-
cisco	sf250-50hp_firmware	-
cisco	sf250-50p_firmware	-
cisco	sf250x-24_firmware	-
cisco	sf250x-24p_firmware	-
cisco	sf250x-48_firmware	-
cisco	sf250x-48p_firmware	-
cisco	sf300-08_firmware	-
cisco	sf300-24_firmware	-
cisco	sf300-24mp_firmware	-
cisco	sf300-24p_firmware	-
cisco	sf300-24pp_firmware	-
cisco	sf300-48_firmware	-
cisco	sf300-48p_firmware	-
cisco	sf300-48pp_firmware	-
cisco	sf302-08_firmware	-
cisco	sf302-08mpp_firmware	-
cisco	sf302-08pp_firmware	-
cisco	sf350-08_firmware	-
cisco	sf350-10_firmware	-
cisco	sf350-10mp_firmware	-
cisco	sf350-10p_firmware	-
cisco	sf350-10sfp_firmware	-
cisco	sf350-20_firmware	-
cisco	sf350-24_firmware	-
cisco	sf350-24mp_firmware	-
cisco	sf350-24p_firmware	-
cisco	sf350-28_firmware	-
cisco	sf350-28mp_firmware	-
cisco	sf350-28p_firmware	-
cisco	sf350-28sfp_firmware	-
cisco	sf350-48_firmware	-
cisco	sf350-48mp_firmware	-
cisco	sf350-48p_firmware	-
cisco	sf350-52_firmware	-
cisco	sf350-52mp_firmware	-
cisco	sf350-52p_firmware	-
cisco	sf350-8mp_firmware	-
cisco	sf350-8pd_firmware	-
cisco	sf352-08_firmware	-
cisco	sf352-08mp_firmware	-
cisco	sf352-08p_firmware	-
cisco	sf355-10p_firmware	-
cisco	sf500-18p_firmware	-
cisco	sf500-24_firmware	-
cisco	sf500-24mp_firmware	-
cisco	sf500-24p_firmware	-
cisco	sf500-48_firmware	-
cisco	sf500-48mp_firmware	-
cisco	sf500-48p_firmware	-
cisco	sf550x-24_firmware	-
cisco	sf550x-24mp_firmware	-
cisco	sf550x-24p_firmware	-
cisco	sf550x-48_firmware	-
cisco	sf550x-48mp_firmware	-
cisco	sf550x-48p_firmware	-
cisco	sg200-08_firmware	-
cisco	sg200-08p_firmware	-
cisco	sg200-10fp_firmware	-
cisco	sg200-18_firmware	-
cisco	sg200-26_firmware	-
cisco	sg200-26fp_firmware	-
cisco	sg200-26p_firmware	-
cisco	sg200-50_firmware	-
cisco	sg200-50fp_firmware	-
cisco	sg200-50p_firmware	-
cisco	sg250-08_firmware	-
cisco	sg250-08hp_firmware	-
cisco	sg250-10p_firmware	-
cisco	sg250-18_firmware	-
cisco	sg250-24_firmware	-
cisco	sg250-24p_firmware	-
cisco	sg250-26_firmware	-
cisco	sg250-26hp_firmware	-
cisco	sg250-26p_firmware	-
cisco	sg250-48_firmware	-
cisco	sg250-48hp_firmware	-
cisco	sg250-50_firmware	-
cisco	sg250-50hp_firmware	-
cisco	sg250-50p_firmware	-
cisco	sg250x-24_firmware	-
cisco	sg250x-24p_firmware	-
cisco	sg250x-48_firmware	-
cisco	sg250x-48p_firmware	-
cisco	sg300-10_firmware	-
cisco	sg300-10mp_firmware	-
cisco	sg300-10mpp_firmware	-
cisco	sg300-10p_firmware	-
cisco	sg300-10pp_firmware	-
cisco	sg300-10sfp_firmware	-
cisco	sg300-20_firmware	-
cisco	sg300-28_firmware	-
cisco	sg300-28mp_firmware	-
cisco	sg300-28p_firmware	-
cisco	sg300-28pp_firmware	-
cisco	sg300-28sfp_firmware	-
cisco	sg300-52_firmware	-
cisco	sg300-52mp_firmware	-
cisco	sg300-52p_firmware	-
cisco	sg350-10_firmware	-
cisco	sg350-10mp_firmware	-
cisco	sg350-10p_firmware	-
cisco	sg350-28_firmware	-
cisco	sg350-28mp_firmware	-
cisco	sg350-28p_firmware	-
cisco	sg350x-12pmv_firmware	-
cisco	sg350x-24_firmware	-
cisco	sg350x-24mp_firmware	-
cisco	sg350x-24p_firmware	-
cisco	sg350x-24pd_firmware	-
cisco	sg350x-24pv_firmware	-
cisco	sg350x-48_firmware	-
cisco	sg350x-48mp_firmware	-
cisco	sg350x-48p_firmware	-
cisco	sg350x-48pv_firmware	-
cisco	sg350x-8pmd_firmware	-
cisco	sg350xg-24f_firmware	-
cisco	sg350xg-24t_firmware	-
cisco	sg350xg-2f10_firmware	-
cisco	sg350xg-48t_firmware	-
cisco	sg355-10mp_firmware	-
cisco	sg355-10p_firmware	-
cisco	sg500-28_firmware	-
cisco	sg500-28mpp_firmware	-
cisco	sg500-28p_firmware	-
cisco	sg500-28pp_firmware	-
cisco	sg500-52p_firmware	-
cisco	sg500-52pp_firmware	-
cisco	sg500x-24_firmware	-
cisco	sg500x-24mpp_firmware	-
cisco	sg500x-24p_firmware	-
cisco	sg500x-48_firmware	-
cisco	sg500x-48mp_firmware	-
cisco	sg500x-48mpp_firmware	-
cisco	sg500x-48p_firmware	-
cisco	sg500x24mpp_firmware	-
cisco	sg500xg-8f8t_firmware	-
cisco	sg500xg8f8t_firmware	-
cisco	sg550x-24_firmware	-
cisco	sg550x-24mp_firmware	-
cisco	sg550x-24mpp_firmware	-
cisco	sg550x-24p_firmware	-
cisco	sg550x-48_firmware	-
cisco	sg550x-48mp_firmware	-
cisco	sg550x-48p_firmware	-
cisco	sg550x-48t_firmware	-
cisco	sg550xg-24f_firmware	-
cisco	sg550xg-24t_firmware	-
cisco	sg550xg-48t_firmware	-
cisco	sg550xg-8f8t_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv