Free Trial

Denial of Service vuln in web UI of Cisco Small Business Switches

http://ashmann.uk/tag/flume Overview :
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
very cheap clomid Affected Product(s) :

This vulnerability affects the following Cisco products if they are running a firmware release earlier than 1.3.7.18:

  • 200 Series Smart Switches
  • 300 Series Managed Switches
  • 500 Series Stackable Managed Switches
Vulnerability Details :
CVE ID : CVE-2020-3147
The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18

Solution :

Cisco fixed this vulnerability in firmware Release 1.3.7.18 for the following Cisco products:

  • 200 Series Smart Switches
  • 300 Series Managed Switches
  • 500 Series Stackable Managed Switches

To download the firmware from the Software Center on Cisco.com, do the following:

  1. Click Browse all.
  2. Choose Switches > LAN Switches – Small Business.
  3. Choose a specific product from the right pane of the product selector.
  4. Choose Smart Switch Firmware or Switch Firmware.
  5. Choose a release from the left pane of the page.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more

Learn more
CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the

Learn more
CVE-2024-29733 : APACHE AIRFLOW UP TO 3.6.X FTP PROVIDER CERTIFICATE VALIDATION

CVE-2024-29733 : APACHE AIRFLOW UP TO 3.6.X FTP PROVIDER CERTIFICATE VALIDATION

Description Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections,

Learn more