CVE-2023-20188

Summary

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Small Business Smart and Managed Switches1.0.0.16affected
CiscoCisco Small Business Smart and Managed Switches1.0.0.19affected
CiscoCisco Small Business Smart and Managed Switches1.0.0.27affected
CiscoCisco Small Business Smart and Managed Switches1.0.1.0affected
CiscoCisco Small Business Smart and Managed Switches1.0.2.0affected
CiscoCisco Small Business Smart and Managed Switches1.0.3.3affected
CiscoCisco Small Business Smart and Managed Switches1.0.4.5affected
CiscoCisco Small Business Smart and Managed Switches1.0.5.1affected
CiscoCisco Small Business Smart and Managed Switches1.0.6.2affected
CiscoCisco Small Business Smart and Managed Switches1.0.7.4affected
CiscoCisco Small Business Smart and Managed Switches1.0.8.3affected
CiscoCisco Small Business Smart and Managed Switches1.1.0.72affected
CiscoCisco Small Business Smart and Managed Switches1.1.0.73affected
CiscoCisco Small Business Smart and Managed Switches1.1.1.8affected
CiscoCisco Small Business Smart and Managed Switches1.1.2.0affected
CiscoCisco Small Business Smart and Managed Switches1.2.0.97affected
CiscoCisco Small Business Smart and Managed Switches1.2.5.70affected
CiscoCisco Small Business Smart and Managed Switches1.2.7.76affected
CiscoCisco Small Business Smart and Managed Switches1.2.9.44affected
CiscoCisco Small Business Smart and Managed Switches1.3.0.59affected
CiscoCisco Small Business Smart and Managed Switches1.3.0.62affected
CiscoCisco Small Business Smart and Managed Switches1.3.2.2affected
CiscoCisco Small Business Smart and Managed Switches1.3.5.58affected
CiscoCisco Small Business Smart and Managed Switches1.3.7.18affected
CiscoCisco Small Business Smart and Managed Switches1.4.0.88affected
CiscoCisco Small Business Smart and Managed Switches1.4.1.03affected
CiscoCisco Small Business Smart and Managed Switches1.4.10.06affected
CiscoCisco Small Business Smart and Managed Switches1.4.11.02affected
CiscoCisco Small Business Smart and Managed Switches1.4.11.04affected
CiscoCisco Small Business Smart and Managed Switches1.4.11.5affected
CiscoCisco Small Business Smart and Managed Switches1.4.2.04affected
CiscoCisco Small Business Smart and Managed Switches1.4.5.02affected
CiscoCisco Small Business Smart and Managed Switches1.4.7.05affected
CiscoCisco Small Business Smart and Managed Switches1.4.7.06affected
CiscoCisco Small Business Smart and Managed Switches1.4.8.06affected
CiscoCisco Small Business Smart and Managed Switches1.4.9.04affected
CiscoCisco Small Business Smart and Managed Switches1.4.9.4affected

Weaknesses

  • CWE-87: Improper Neutralization of Alternate XSS Syntax

ADP Enrichment

CVE Program Container

Additional References

References