CVE-2023-20189 — Vulnetix

CVE-2023-20189 PUBLISHED

22. Mai 2023 In einigen Cisco-Switches existieren mehrere, teils kritische Sicherheitslücken. CVE-Nummer(n): CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158, CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20162, CVE-2023-20189 CVSS Base Score: bis 9.8

EPSS 4.44% · 89.3th percentile

Risk Scores

EPSS Score

4.44%

89.3th percentile

Affected Products

Vendor	Product	Versions
350X	350X Series Stackable Managed Switches
Business	Business 250 Series Smart Switches
Small	Small Business 300 Series Managed Switches (EOL)
Small	Small Business 500 Series Stackable Managed Switches (EOL)
Business	Business 350 Series Managed Switches
Small	Small Business 200 Series Smart Switches (EOL)
350	350 Series Managed Switches
550X	550X Series Stackable Managed Switches
250	250 Series Smart Switches

Exploit Intelligence

CIRCL seen: CVE-2023-20189 (circl-sighting)
CIRCL seen: CVE-2023-20189 (circl-sighting)
20230517 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities (circl)

Timeline

May 18, 2023 CVE Published
May 18, 2023 EPSS Score
May 18, 2023 PoC Published
May 22, 2023 PoC Published
Jun 23, 2023 EPSS Score
Sep 4, 2023 EPSS Score
Oct 11, 2023 EPSS Score
Dec 23, 2023 EPSS Score
Jan 28, 2024 EPSS Score
Mar 5, 2024 EPSS Score
May 17, 2024 EPSS Score
Jun 22, 2024 EPSS Score

References

https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-cisco-switches-exploit-code-offentlich-updates-teilweise-verfugbar advisory

Open in Interactive Console →