Cisco has reported four critical vulnerabilities in its switches. A simple exploit allows attackers to execute arbitrary code with root rights on compromised devices. And then the full set: all four vulnerabilities at 9.8 points are exploited separately, do not require user participation, and there are already proof-of-concepts for them on the network.
The vulnerabilities are related to incorrect validation of requests sent to the switch web interfaces. Which, in fact, allows attackers to send a malicious request for an attack. In switches of the 250, 350, 350X and 550X series, including business models, vulnerabilities are fixed in the latest firmware versions. But the outdated models of the 200, 300 and 500 series, alas, will remain without patches, since their support has already ended. So it’s definitely time to disconnect these old men from the network. Learn more about the vulnerabilities in the Cisco report (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv).