Cisco has announced fixes for four high-severity vulnerabilities that could allow threat actors to remotely compromise network switches used by small businesses. The flaws, identified as CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189, let attackers exploit weaknesses in the web user interface to execute arbitrary code with root privileges. All four vulnerabilities carry a severity rating of 9.8 out of 10.
According to the security advisory issued by Cisco’s Product Security Incident Response Team (PSIRT), an attacker could exploit the vulnerabilities by sending a crafted request through the web-based user interface. Successful exploitation would result in the execution of unauthorized code with elevated privileges on the affected device.