
Cybersecurity Threat Advisory 0046-20: Cisco Small Business Switches RCE (CVE-2020-3297)


Advisory Overview

Cisco Systems is warning its customers about a Remote Code Execution (RCE) vulnerability in its line of small business switches. Please be aware that end of life (EOL) products will not be patched (see table below). SKOUT advises patching affected devices and upgrading EOL hardware.

Technical detail and additional information

What is the threat?

A remote code execution vulnerability in certain Cisco switches could allow an attacker to hijack a target's session and gain access to the web-based management interface.

Why is this noteworthy?

If your network switch is compromised, your entire network is at the mercy of the attacker. They could completely incapacitate your network by erasing the switch configuration and locking out your network administrator accounts, which would prevent your administrators from remediating the issue.

What is the exposure or risk?

If a threat actor has compromised an administrator account, they could disable security features on your Cisco switches, which could aid the attacker in data exfiltration. One example is ARP cache poisoning, an attack in which the attacker spoofs a MAC address to steal network traffic meant for another machine.
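The following is an added illustration of what ARP cache poisoning looks like to a defender; it is not part of the SKOUT advisory or any Cisco tooling. It takes a list of constructed ARP reply records (the kind of data that can be exported from a packet capture or from a switch's Dynamic ARP Inspection log) and raises an alert when an IP address that has a known-good binding is claimed by a different MAC, or when the MAC claiming an IP changes again within a short window. The trusted-binding table, the sample replies and the window length are assumptions chosen for the example.

```python
"""Flag ARP cache poisoning indicators in a stream of ARP replies.

Added example, not code from the SKOUT advisory or from Cisco.
Input records, the trusted-binding table and the time window are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class ArpReply:
    ts: float         # seconds since capture start (constructed)
    sender_ip: str    # IP address the reply claims to own
    sender_mac: str   # MAC address making the claim


@dataclass(frozen=True)
class Alert:
    ts: float
    ip: str
    expected_mac: str
    observed_mac: str
    reason: str       # "trusted-binding-mismatch" or "mac-flap"


def detect_arp_spoofing(replies: Iterable[ArpReply],
                        trusted: Optional[Dict[str, str]] = None,
                        window: float = 60.0) -> List[Alert]:
    """Return alerts for replies that contradict a trusted binding or that
    change the MAC for an IP within `window` seconds of the previous claim.

    Trusted bindings (e.g. the default gateway, learned from the switch's
    static ARP table) are checked only against the trusted table, so a
    spoofed reply for them never becomes the new baseline.
    """
    trusted_lc = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    last_seen: Dict[str, tuple] = {}   # ip -> (ts, mac) of the last accepted claim
    alerts: List[Alert] = []
    for r in sorted(replies, key=lambda x: x.ts):
        mac = r.sender_mac.lower()
        if r.sender_ip in trusted_lc:
            if mac != trusted_lc[r.sender_ip]:
                alerts.append(Alert(r.ts, r.sender_ip, trusted_lc[r.sender_ip],
                                    mac, "trusted-binding-mismatch"))
            continue
        prev = last_seen.get(r.sender_ip)
        if prev is not None and prev[1] != mac and r.ts - prev[0] <= window:
            # Same IP, different MAC, too soon to be a normal DHCP reassignment
            alerts.append(Alert(r.ts, r.sender_ip, prev[1], mac, "mac-flap"))
        last_seen[r.sender_ip] = (r.ts, mac)
    return alerts


def rogue_macs(alerts: Iterable[Alert]) -> Dict[str, Set[str]]:
    """Group alerts by the MAC observed: one MAC claiming several IPs is a
    stronger poisoning indicator than a single conflict."""
    by_mac: Dict[str, Set[str]] = {}
    for a in alerts:
        by_mac.setdefault(a.observed_mac, set()).add(a.ip)
    return by_mac


# Constructed sample: a legitimate gateway, two workstations, and one rogue MAC
# that claims both the gateway and a workstation IP. The 10.0.0.30 change is
# 500 s apart and so is treated as a normal readdressing, not a flap.
SAMPLE_REPLIES = [
    ArpReply(0.0, "10.0.0.1", "00:11:22:33:44:01"),
    ArpReply(5.0, "10.0.0.20", "00:11:22:33:44:20"),
    ArpReply(12.0, "10.0.0.1", "DE:AD:BE:EF:00:01"),
    ArpReply(30.0, "10.0.0.20", "de:ad:be:ef:00:01"),
    ArpReply(400.0, "10.0.0.30", "00:11:22:33:44:30"),
    ArpReply(900.0, "10.0.0.30", "00:11:22:33:44:31"),
]
TRUSTED_BINDINGS = {"10.0.0.1": "00:11:22:33:44:01"}   # assumed gateway binding

if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE_REPLIES, TRUSTED_BINDINGS):
        print(f"t={a.ts:6.1f} {a.reason:25} ip={a.ip} expected={a.expected_mac} observed={a.observed_mac}")
    print("MACs claiming multiple IPs:", rogue_macs(detect_arp_spoofing(SAMPLE_REPLIES, TRUSTED_BINDINGS)))
```

On a Cisco small business switch the same signal is available natively once Dynamic ARP Inspection and DHCP snooping are enabled, which is why an attacker with administrative access would want to disable those features first; monitoring for configuration changes to them is a complementary control to the patching recommended below.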

What are the recommendations?

SKOUT recommends installing the patch released by Cisco. If your Cisco device is end of life, we highly recommend reaching out to your Cisco vendor to update the necessary hardware.

Security updates for the Cisco products affected:

Product                                                 Status
------------------------------------------------------  --------------------------------
250 Series Smart Switches                               Patch Available
350 Series Managed Switches                             Patch Available
350X Series Stackable Managed Switches                  Patch Available
550X Series Stackable Managed Switches                  Patch Available
Small Business 200 Series Smart Switches                No Patch Available / End of Life
Small Business 300 Series Smart Switches                No Patch Available / End of Life
Small Business 500 Series Stackable Managed Switches    No Patch Available / End of Life

Link to Patch Downloads:

The patch is available from Cisco’s Software Center on Cisco.com. Click “Browse all” and navigate to Switches > LAN Switches – Small Business.

References:

If you have any questions, please contact our Security Operations Center.