Share This:

Advisory Overview

Cisco Systems is warning its customers about a Remote Code Execution (RCE) vulnerability in its line of small business switches. Please be aware that end of life (EOL) products will not be patched (see table below). SKOUT advises patching affected devices and upgrading EOL hardware.

Technical detail and additional information

What is the threat?

A remote code execution vulnerability in certain Cisco’s switches could allow an attacker to hijack their target’s session, gaining access to the web-based management interface. 

Why is this noteworthy?

If your network switch is compromised, your entire network is at the mercy of the attacker.  They could completely incapacitate your network by erasing your switch configuration as well as locking out your network admin accounts which would prevent them from remediating the issue. 

What is the exposure or risk?

If the threat actor has compromised an administrator account, they could disable security features on your Cisco switches, which could aid the attacker in data exfiltration. For example, ARP cache poisoning, a type of attack where the attacker spoofs the MAC address to steal network traffic meant for another machine. 

What are the recommendations?

SKOUT recommends installing the patch released by Cisco.  If your Cisco device is end of life, we highly recommend reaching out to your Cisco vendor to update the necessary hardware.

Security updates for the Cisco products affected:

Product Status
250 Series Smart Switches Patch Available
350 Series Managed Switches Patch Available
350X Series Stackable Managed Switches Patch Available
550X Series Stackable Managed Switches Patch Available
Small Business 200 Series Smart Switches No Patch Available / End of Life
Small Business 300 Series Smart Switches No Patch Available / End of Life
Small Business 500 Series Stackable Managed Switches No Patch Available / End of Life

Link to Patch Downloads:

The patch is available from Cisco’s Software Center on Cisco.com.  Click “Browse all” and navigate to Switches > LAN Switches – Small Business.

References:

If you have any questions, please contact our Security Operations Center.


Share This:
Doris Au

Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.

Leave a reply

Your email address will not be published. Required fields are marked *