A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device.
The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | 300_series_managed_switches | any | cpe:2.3:h:cisco:300_series_managed_switches:any:*:*:*:*:*:*:* |
cisco | small_business_srp541w | 300_series_managed_switches | cpe:2.3:h:cisco:small_business_srp541w:300_series_managed_switches:*:*:*:*:*:*:* |