CVE-2023-20159 — Vulnetix

CVE-2023-20159 PUBLISHED

22. Mai 2023 In einigen Cisco-Switches existieren mehrere, teils kritische Sicherheitslücken. CVE-Nummer(n): CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158, CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20162, CVE-2023-20189 CVSS Base Score: bis 9.8

EPSS 4.89% · 89.8th percentile

Risk Scores

EPSS Score

4.89%

89.8th percentile

Affected Products

Vendor	Product	Versions
350X	350X Series Stackable Managed Switches
Business	Business 350 Series Managed Switches
Small	Small Business 500 Series Stackable Managed Switches (EOL)
Business	Business 250 Series Smart Switches
550X	550X Series Stackable Managed Switches
Small	Small Business 200 Series Smart Switches (EOL)
350	350 Series Managed Switches
Small	Small Business 300 Series Managed Switches (EOL)
250	250 Series Smart Switches

Exploit Intelligence

CIRCL seen: CVE-2023-20159 (circl-sighting)
CIRCL seen: CVE-2023-20159 (circl-sighting)
20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities (circl)

Timeline

May 18, 2023 CVE Published
May 18, 2023 EPSS Score
May 18, 2023 PoC Published
May 22, 2023 PoC Published
Jun 23, 2023 EPSS Score
Sep 4, 2023 EPSS Score
Oct 11, 2023 EPSS Score
Nov 16, 2023 EPSS Score
Jan 28, 2024 EPSS Score
Mar 5, 2024 EPSS Score
Apr 10, 2024 EPSS Score
May 17, 2024 EPSS Score

References

https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-cisco-switches-exploit-code-offentlich-updates-teilweise-verfugbar advisory

Open in Interactive Console →