CVE-2023-20158 — Vulnetix

CVE-2023-20158 PUBLISHED

22. Mai 2023 In einigen Cisco-Switches existieren mehrere, teils kritische Sicherheitslücken. CVE-Nummer(n): CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158, CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20162, CVE-2023-20189 CVSS Base Score: bis 9.8

EPSS 2.26% · 85.0th percentile

Risk Scores

EPSS Score

2.26%

85.0th percentile

Affected Products

Vendor	Product	Versions
350X	350X Series Stackable Managed Switches
250	250 Series Smart Switches
Small	Small Business 300 Series Managed Switches (EOL)
Business	Business 250 Series Smart Switches
350	350 Series Managed Switches
550X	550X Series Stackable Managed Switches
Small	Small Business 500 Series Stackable Managed Switches (EOL)
Small	Small Business 200 Series Smart Switches (EOL)
Business	Business 350 Series Managed Switches

Exploit Intelligence

CIRCL seen: CVE-2023-20158 (circl-sighting)
20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities (circl)

Timeline

May 18, 2023 CVE Published
May 18, 2023 EPSS Score
May 22, 2023 PoC Published
Jun 23, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Oct 11, 2023 EPSS Score
Nov 16, 2023 EPSS Score
Dec 23, 2023 EPSS Score
Jan 28, 2024 EPSS Score
Mar 5, 2024 EPSS Score
May 17, 2024 EPSS Score
Jun 22, 2024 EPSS Score

References

https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-cisco-switches-exploit-code-offentlich-updates-teilweise-verfugbar advisory

Open in Interactive Console →