CVE-2023-20188

Name of the Vulnerable Software and Affected Versions Cisco Small Business 200 Series Smart Switches (affected versions not specified) Cisco Small Business 300 Series Managed Switches (affected versions not specified) Cisco Small Business 500 Series Stackable Managed Switches (affected versions not specified)

Description The vulnerability in the web-based management interface of Cisco Small Business switches is related to insufficient validation of user-supplied input, allowing an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. An attacker could exploit this by persuading a user to view a page with malicious HTML or script content, potentially executing arbitrary script code or accessing sensitive browser-based information. The attacker would need valid credentials to access the web-based management interface.

Recommendations For Cisco Small Business 200 Series Smart Switches, restrict access to the web-based management interface until a fix is available. For Cisco Small Business 300 Series Managed Switches, consider disabling the web-based management interface as a temporary workaround until a patch is released. For Cisco Small Business 500 Series Stackable Managed Switches, avoid using the interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.