1. Home
  2. CVE Database
  3. CVE-2023-20161
HIGH · 8.6

CVE-2023-20161

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or...

Vulnerability Description

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoBusiness 250-16P-2G Firmware-
CiscoBusiness 250-16P-2G-
CiscoBusiness 250-16T-2G Firmware-
CiscoBusiness 250-16T-2G-
CiscoBusiness 250-24Fp-4G Firmware-
CiscoBusiness 250-24Fp-4G-
CiscoBusiness 250-24Fp-4X Firmware-
CiscoBusiness 250-24Fp-4X-
CiscoBusiness 250-24P-4G Firmware-
CiscoBusiness 250-24P-4G-
CiscoBusiness 250-24P-4X Firmware-
CiscoBusiness 250-24P-4X-
CiscoBusiness 250-24Pp-4G Firmware-
CiscoBusiness 250-24Pp-4G-
CiscoBusiness 250-24T-4G Firmware-
CiscoBusiness 250-24T-4G-
CiscoBusiness 250-24T-4X Firmware-
CiscoBusiness 250-24T-4X-
CiscoBusiness 250-48P-4G Firmware-
CiscoBusiness 250-48P-4G-

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2023-20161?

CVE-2023-20161 is a vulnerability with a CVSS score of 8.6 (HIGH). Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or...

How severe is CVE-2023-20161?

CVE-2023-20161 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20161?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Business 250-16P-2G Firmware, Cisco Business 250-16P-2G, Cisco Business 250-16T-2G Firmware, Cisco Business 250-16T-2G, Cisco Business 250-24Fp-4G Firmware.