
Cisco Small Business Switches affected by DoS and information disclosure flaws

by Cyber360 News
January 30, 2020
in Security

Cisco addressed high-severity flaws in Small Business Switches that can be exploited to access sensitive device data and to trigger a DoS condition.

Cisco released security patches to address high-severity vulnerabilities in Small Business Switches that can be exploited to access sensitive device data and to trigger a DoS condition.

Both issues could be exploited by remote, unauthenticated attackers. They were reported by Ken Pyle of DFDR Consulting.

The first vulnerability, tracked as CVE-2019-15993, is an information disclosure issue caused by the lack of proper authentication controls. Attackers can exploit it by sending specially crafted HTTP requests to the user interface of vulnerable Cisco Small Business Switches.

“A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information.” reads the security advisory published by Cisco. “The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.”

The second vulnerability, tracked as CVE-2020-3147, is a DoS issue caused by improper validation of requests sent to the web interface. An attacker could exploit it by sending specially crafted requests to a vulnerable device, forcing the switch to reload and enter a DoS condition.

“A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.” reads the advisory published by Cisco.

“The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.”

Cisco is not aware of any attacks exploiting the vulnerabilities in the wild.

This week Cisco has also addressed a high-severity flaw in the Cisco Webex video conferencing platform (CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting.

To exploit CVE-2020-3142, the attacker only needs to know the meeting ID. Once entered in the Webex mobile application for either iOS or Android, it allows the attacker to join the meeting, bypassing any authentication.

Pierluigi Paganini

(SecurityAffairs – Cisco Small Business Switches, hacking)


