Ryan Moore

**Name of the Vulnerable Software and Affected Versions** Cisco 350 Series Managed Switches (SG350) (affected versions not specified) Cisco 350X Series Stackable Managed Switches (SG350X) (affected versions not specified) **Description** A flaw in the Simple Network Management Protocol (SNMP) subsystem occurs due to improper error handling when parsing response data for a specific SNMP request. An authenticated remote attacker can exploit this by sending a crafted SNMP request, causing the device to reload unexpectedly and resulting in a denial of service (DoS) condition. This issue affects SNMP versions 1, 2c, and 3. Exploitation via SNMPv2c or earlier requires a valid read-write or read-only SNMP community string, while exploitation via SNMPv3 requires valid SNMP user credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** perfSONAR versions 4.4.5 and prior **Description** An issue in the graphData.cgi component allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. **Recommendations** For versions 4.4.5 and prior, consider disabling the graphData.cgi component until a patch is available to prevent exploitation. Restrict access to sensitive data to minimize the risk of unauthorized access. As a temporary workaround, restrict the functionality of the graphData.cgi component to prevent SSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** perfSONAR versions 4.x through 4.4.5 **Description** The issue is a Cross-Site Request Forgery (CSRF) that occurs when an attacker injects crafted input into the `Search` function. **Recommendations** For versions 4.x through 4.4.5, consider disabling the `Search` function until a patch is available to prevent exploitation of the CSRF issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.