Multiple vulnerabilities have been discovered in Cisco Small Business routers, allowing bad actors to remotely execute arbitrary code with root privileges on an affected device and cause a denial of service (DoS) condition. These vulnerabilities are due to improper validation of requests that are sent to the web interface. This flaw poses a significant risk as it could lead to unauthorized access, data breaches, and potential disruption of business operations. Barracuda MSP strongly recommends applying the latest security updates provided by Cisco to mitigate these vulnerabilities and enhance the security of affected devices.
What is the threat?
The threat involves multiple vulnerabilities in the web management interface of Cisco Small Business routers- Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system. The vulnerabilities include:
- CVE-2023-20159(CVSS score: 9.8): Cisco Small Business Series Switches Stack Buffer Overflow Vulnerability
- CVE-2023-20160(CVSS score: 9.8): Cisco Small Business Series Switches Unauthenticated BSS Buffer Overflow Vulnerability
- CVE-2023-20161(CVSS score: 9.8): Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability
- CVE-2023-20189(CVSS score: 9.8): Cisco Small Business Series Switches Unauthenticated Stack Buffer Overflow Vulnerability
- CVE-2023-20024(CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
- CVE-2023-20156(CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
- CVE-2023-20157(CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Heap Buffer Overflow Vulnerability
- CVE-2023-20158(CVSS score: 8.6): Cisco Small Business Series Switches Unauthenticated Denial-of-Service Vulnerability
- CVE-2023-20162(CVSS score: 7.5): Cisco Small Business Series Switches Unauthenticated Configuration Reading Vulnerability
The flaws include improper input validation, command injection, and arbitrary code execution vulnerabilities. By sending crafted requests to the targeted routers, an attacker could exploit these vulnerabilities to execute arbitrary code with elevated privileges on the device. This could result in the compromise of the router, unauthorized access to sensitive information, and the potential for further network infiltration. The vulnerabilities affect the following Cisco Small Business Switches if they are running a vulnerable firmware release:
- 250 Series Smart Switches
- 350 Series Managed Switches
- 350X Series Stackable Managed Switches
- 550X Series Stackable Managed Switches
- Business 250 Series Smart Switches
- Business 350 Series Managed Switches
- Small Business 200 Series Smart Switches
- Small Business 300 Series Managed Switches
- Small Business 500 Series Stackable Managed Switches
Why is it noteworthy?
Cisco Small Business routers are used by businesses globally, making them a lucrative attack vector for threat actors. The ability for attackers to remotely execute arbitrary code with elevated privileges poses a significant risk, potentially leading to unauthorized access and compromise of sensitive information. Furthermore, the compromise of routers can serve as a gateway for further network infiltration and malicious activities. The Cisco Product Security Incident Response Team (PSIRT) also revealed that proof-of-concept exploit code is available for these security flaws, which could lead to active exploitation if motivated threat actors create their own. It is crucial to address these vulnerabilities promptly to prevent potential data breaches, financial losses, and reputational damage.
What is the exposure or risk?
Upon successful exploitation, an attacker can execute arbitrary code with elevated privileges, potentially leading to unauthorized access to the routers. This unauthorized access can enable threat actors to intercept and manipulate network traffic, compromise sensitive information, and gain a foothold within the organization’s network.
Furthermore, the compromised routers can serve as a launching pad, enabling attackers to pivot into other parts of the network, escalate their privileges, and potentially target critical systems or data repositories. This raises the risk of data breaches, financial losses, and disruption of business operations.
Organizations who rely heavily on Cisco Small Business routers, such as small and medium-sized businesses (SMBs) and branch offices, are particularly at risk. Any entity that utilizes these routers for their network infrastructure, including service providers, government organizations, and enterprises, are potentially affected by these vulnerabilities. It is crucial for these entities to address these vulnerabilities in a timely manner to mitigate the risks associated with unauthorized access and potential network compromise.
What are the recommendations?
Barracuda MSP recommends the following actions to ensure your systems are secured:
- Apply security patch update: Cisco has released security updates addressing these vulnerabilities. Organizations using Cisco Small Business routers should promptly apply the latest firmware updates to ensure the devices are protected.
- Implement network segmentation: Segmenting the network and restricting access to critical devices, including routers, can help contain potential compromises and limit the impact of an attack.
- Enable strong authentication: Ensure that strong authentication mechanisms, such as two-factor authentication (2FA), are enforced for router access to prevent unauthorized access attempts.
- Monitor network log activity: Leverage services such as Barracuda XDR Network Security for proactive detections of suspicious activities or attempts to exploit these vulnerabilities.
- Regular security assessments: Conduct regular vulnerability assessments and penetration tests on network infrastructure, including routers, to identify and remediate any potential weaknesses.
- Stay informed: Subscribe to SmarterMSP blog for up-to-date cybersecurity threat advisories. This enables organizations to take proactive measures to protect their infrastructure.
References
For more in-depth information about the recommendations, please visit the following links:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv
- https://thehackernews.com/2023/05/critical-flaws-in-cisco-small-business.html
- https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-switch-bugs-with-public-exploit-code/
If you have any questions, please contact our Security Operations Center.