PT-2020-3063 · Cisco · Cisco Small Business Smart/Managed Switches

Published 2020-07-02 · Updated 2020-07-09 · CVE-2020-3297

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Small Business Smart and Managed Switches (affected versions not specified)

Description

The issue is an authentication flaw in the web interface for managing the firmware of Cisco Small Business Smart and Managed Switches. A remote attacker could bypass authentication protections and gain unauthorized access to the management interface, potentially obtaining administrator privileges on the device. The vulnerability is due to weak entropy generation for session identifier values: an attacker could use brute force to determine a current session identifier and reuse it to take over an ongoing session.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
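
The weakness class described above, shown from the defender's side as an added example that is not part of the advisory or Cisco's code: a check that estimates the entropy of a sample of issued session identifiers, run against a low-entropy generator and a CSPRNG-based one. The advisory does not say how the affected devices build their identifiers, so the six-digit format, the function names and the 64-bit floor (taken from OWASP session-management guidance) are assumptions.

```python
import math
import random
import secrets
from collections import Counter

MIN_BITS = 64  # assumed floor, from OWASP session-management guidance


def weak_session_id(rng: random.Random) -> str:
    """Constructed 'before' case: six decimal digits from a non-crypto PRNG."""
    return f"{rng.randrange(10**6):06d}"


def strong_session_id() -> str:
    """Hardened form: 128 bits from the OS CSPRNG, hex-encoded."""
    return secrets.token_hex(16)


def estimated_bits(ids: list[str]) -> float:
    """Sum of per-position Shannon entropy over a sample of issued IDs.

    This is an upper bound: it ignores correlation between positions and
    PRNG predictability, so a low value proves weakness but a high value
    does not prove strength.
    """
    if not ids or len({len(s) for s in ids}) != 1:
        raise ValueError("need a non-empty sample of equal-length IDs")
    n, total = len(ids), 0.0
    for pos in range(len(ids[0])):
        counts = Counter(s[pos] for s in ids)
        total -= sum(c / n * math.log2(c / n) for c in counts.values())
    return total


def audit(ids: list[str]) -> dict:
    """Report the estimate and whether it clears the assumed floor."""
    bits = estimated_bits(ids)
    return {"bits": round(bits, 1), "ok": bits >= MIN_BITS}


def demo() -> tuple[dict, dict]:
    rng = random.Random(0)  # fixed seed so the constructed sample is repeatable
    weak = [weak_session_id(rng) for _ in range(5000)]
    strong = [strong_session_id() for _ in range(5000)]
    return audit(weak), audit(strong)


if __name__ == "__main__":
    print(demo())
```
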

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-03354
CVE-2020-3297

Affected Products

Cisco Small Business Smart/Managed Switches