Contáctanos al
1510
Resumen
El CSIRT de Gobierno comparte vulnerabilidades informadas por Cisco para varios de sus switches.
Vulnerabilidades
CVE-2023-20159
CVE-2023-20160
CVE-2023-20161
CVE-2023-20189
CVE-2023-20024
CVE-2023-20156
CVE-2023-20157
CVE-2023-20158
CVE-2023-20162
Impacto
Vulnerabilidades de riesgo alto
CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189: Vulnerabilidades en la interfaz usuario basada en web de Cisco Small
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Productos afectados
250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, and 550X Series Stackable Managed Switches (fixed in firmware version 2.5.9.16).
Business 250 Series Smart Switches and Business 350 Series Managed Switches (fixed in firmware version 3.3.0.16).
Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches (no patch available).
Enlaces
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20162
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00834-01.