High-Severity Vulnerability Discovered in Cisco Small Business Switches

High-Severity Vulnerability Discovered in Cisco Small Business Switches

Several Cisco switches suitable for small business use have been found to be vulnerable to a serious security issue that could result in attackers gaining unauthorized access to the management console. While Cisco reports that no exploits for this vulnerability (CVE-2020-3297) have yet been seen, the nature of this issue suggests a proof of concept would not be difficult to create.

Affected Devices

The switches affected by this vulnerability are:

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches

Remediation

Cisco has released a firmware update to fix this issue for the following devices:

  • Cisco 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches

However, Cisco has confirmed that they “will not provide a firmware fix” for the following devices as they are past their End-of-Life date:

  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches