Cisco has issued a warning to its customers regarding four critical remote code execution vulnerabilities that affect multiple Small Business Series Switches. These flaws have received near-maximum severity ratings and can allow unauthenticated attackers to execute arbitrary code with root privileges on compromised devices.
The vulnerabilities result from improper validation of requests sent to the switches’ web interfaces, and they can be exploited through maliciously crafted requests without requiring user interaction. The affected Cisco switches span several series; some have received patches, while others are not eligible because they have entered the end-of-life process.
Cisco’s Product Security Incident Response Team (PSIRT) has revealed that proof-of-concept exploit code for these vulnerabilities is publicly available, raising concerns about potential active exploitation by threat actors targeting vulnerable devices with remote access. However, Cisco’s PSIRT has not yet detected any evidence of these vulnerabilities being actively exploited.
In addition to addressing these issues, Cisco is also working on patching a cross-site scripting vulnerability in its Prime Collaboration Deployment (PCD) server management tool.
A recent joint advisory from the US, UK, and Cisco warned of APT28 Russian military hackers using custom ‘Jaguar Tooth’ malware on Cisco IOS routers to gain unauthorized access to compromised devices, emphasizing the importance of maintaining robust security measures.