Cisco Switches Multiple Vulnerabilities

Impact

• Denial of Service
• Information Disclosure

System / Technologies affected

CVE-2019-15993

Firmware version prior to 2.5.0.92:

• 250 Series Smart Switches
• 350 Series Managed Switches
• 350X Series Stackable Managed Switches
• 550X Series Stackable Managed Switches

Firmware version prior to 1.4.11.4:

• 200 Series Smart Switches
• 300 Series Managed Switches
• 500 Series Stackable Managed Switches

CVE-2020-3147

Firmware version prior to 1.3.7.18:

• 200 Series Smart Switches
• 300 Series Managed Switches
• 500 Series Stackable Managed Switches
   

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

CVE-2019-15993

Firmware version 2.5.0.92:

•     250 Series Smart Switches
•     350 Series Managed Switches
•     350X Series Stackable Managed Switches
•     550X Series Stackable Managed Switches

Firmware version 1.4.11.4: 

•     200 Series Smart Switches
•     300 Series Managed Switches
•     500 Series Stackable Managed Switches

CVE-2020-3147

Firmware version 1.3.7.18:

•     200 Series Smart Switches
•     300 Series Managed Switches
•     500 Series Stackable Managed Switches

Vulnerability Identifier

• CVE-2020-3147
• CVE-2019-15993

Source

• AusCERT
• Cisco

Related Link

• https://tools.cisco.com/security/center/publicationListing.x
• https://www.auscert.org.au/bulletins/ESB-2020.0339/
• https://www.auscert.org.au/bulletins/ESB-2020.0340/