Critical vulnerabilities found on Cisco Series 220 switches

Cisco is one of the world’s leading technology companies, so a security flaw in one of their equipment or solutions could compromise the operations of thousands of organizations, regardless of whether they are large companies or small businesses. Network security experts report the presence of three security flaws on Cisco 220 Series smart switches that could put a corporate network in a compromising situation.

After receiving the report, the company was quick to release the corresponding update patches, so users are advised to install these fixes as soon as possible.

In a security notice issued yesterday, the company advised organizations using these switches to update the device firmware as soon as possible to prevent attacks that could compromise enterprise networks.

Cisco added in their security notice that updates focused on switch firmware, and that it was essential for system administrators to install them to mitigate the risk of exploiting vulnerabilities, reported network security specialists.

The company added that vulnerabilities can be exploited by remote hackers to perform various malicious activities, such as uploading files, executing code, and injecting commands on exposed switches. In case system administrators are unable to install updates at this time, a workaround is to shut down the switch’s web management interface, as that is where the security flaws reside.

The first flaw (CVE-2019-1913) is a remote code execution vulnerability that received a score of 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale; the flaw would allow hackers to execute malicious code with root user privileges by sending an HTTP or HTTPS request.

The second vulnerability (CVE-2019-1912) is an authentication bypass flaw that allows hackers to upload arbitrary files to the device. The flaw received a score of 9.1/10 on the CVSS scale.

Finally, the third vulnerability (CVE-2019-1914) is a command injection flaw that allows privilege escalations; to be exploited, attackers require a legitimate login to access the switch’s web interface. This vulnerability received a score of 7.2/10 on the CVSS scale.

Network security specialists from the International Institute for Cyber Security (IICS) claim that Cisco networking devices are one of the cybercriminals’ favorite targets due to their presence in virtually any implementation of business network. Just a few months ago, the company had released an update patch to fix remote code execution vulnerability present on millions of devices; this flaw received a score of 10/10 on the CVSS scale. 

Just a couple of months ago, a group of network security experts reported the discovery of a vulnerability, known as Tgrangrycat, that affected millions of Cisco routers, switches, and firewalls that allowed hackers to inject remote code by exploiting a known vulnerability. Just a few days ago, news was released that Cisco would pay compensation to the U.S. government due to the sale of vulnerable software. Cisco’s faulty product was used in monitoring and surveillance systems at the facilities of some government organizations.