Vulnerabilities allow unauthenticated remote attackers to access sensitive device information and launch denial of service attacks.
Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. The flaws allow remote unauthenticated adversaries to access sensitive information and level denial-of-service (DoS) attacks against affected gear.
Impacted are Series Smart Switches, Series Managed Switches and Series Stackable Managed Switches. Cisco said it was unaware of active exploitation of the vulnerabilities and software updates remediating the flaws are available, however no workaround fixes are available.
The vulnerabilities include an information disclosure flaw (CVE-2019-15993) and a bug (CVE-2020-3147) that creates conditions optimum for a DoS attack.
For More Details :
https://threatpost.com/cisco-patches-high-severity-bugs-in-switch-lineup/152392/
