Three of Cisco’s most popular switches for SMBs contain serious security flaws that could allow a hacker to remotely access the device and infiltrate an organisation’s network.
The critical vulnerabilities, which affect Cisco’s Small Business 220 Series of smart switches, include a remote code execution (RCE) bug rated 9.8/10 by Cisco in terms of threat severity, an authentication bypass rated 9.1/10 and a command injection rated 7.2/10.
The two most severe bugs – the authentication bypass and command injection – can be exploited by a hacker over the internet without the need for authentication on the device. “Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS,” said Cisco in an advisory notice.
Source: ITPro