Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup

Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. The flaws allow remote unauthenticated adversaries to access sensitive information and level denial-of-service (DoS) attacks against affected gear. Impacted are Series Smart Switches, Series Managed Switches and Series Stackable Managed Switches. Cisco said it was unaware of active exploitation of the vulnerabilities and software updates remediating the flaws are available, however no workaround fixes are available. The vulnerabilities include an information disclosure flaw (CVE-2019-15993) and a bug (CVE-2020-3147) that creates conditions optimum for a DoS attack.