Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
3
Replies

Question about vulnerabilities on a Cisco SG-200 switch

Go to solution
NBFoster
Level 1
Level 1

‎02-09-2023 12:39 PM

Hi,

I have a Cisco Small Business SG-200-50P switch. Version 1.3.0.62.

The Small Business 200 switches are affected by a session management vulnerability seen here :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY

Also, Nessus vulnerability scanner is showing a critical vulnerability due to "SSL Version 2 and 3 protocol detection."

I believe software support for this model went end-of-life in 2019.  Is there anything I can do to fix this and continue to use the switch, or would it be a good idea to replace it?  How concerned should I be?  The management interface is internal on the LAN, not exposed to the internet.  If a bad actor took advantage of the vulnerability on the network and gained admin over the switch, what kinds of things could they do?  What is your comfort level with end of life Cisco equipment?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pieterh
VIP
VIP
In response to balaji.bandi

‎02-10-2023 07:37 AM

>>> what kinds of things could they do? <<<

is described in the document: The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device.
-> the attacker could make changes to your configuration, with severe impact on your network
- the attacker could create a monitor port and eavesdrop on all traffic passing this switch

if you have taken additional measures to secure access to the device
- e.g. separate management network
- and/or limiting physical access
- NOT use the web interface, only CLI
then risk may be acceptable

if this switch is crucial to your business, then it's a good idea to consider replacement

btw, i've seen some posts (i believe this was from Leo Laohoo), it may be possible to obtain the latest firmware based on a security advisory

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-09-2023 01:53 PM

Try upgrading to  1.4.11.5 

It all depends on how the security is exposed, sometimes locally other compromised host can also take advantage if you are sure all are protected with FW its ok, but again depend how you judge your network's secure.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
pieterh
VIP
VIP
In response to balaji.bandi

‎02-10-2023 07:37 AM

>>> what kinds of things could they do? <<<

is described in the document: The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device.
-> the attacker could make changes to your configuration, with severe impact on your network
- the attacker could create a monitor port and eavesdrop on all traffic passing this switch

if you have taken additional measures to secure access to the device
- e.g. separate management network
- and/or limiting physical access
- NOT use the web interface, only CLI
then risk may be acceptable

if this switch is crucial to your business, then it's a good idea to consider replacement

btw, i've seen some posts (i believe this was from Leo Laohoo), it may be possible to obtain the latest firmware based on a security advisory

0 Helpful

Go to solution
NBFoster
Level 1
Level 1
In response to pieterh

‎02-10-2023 07:41 AM

Thank you, very helpful!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card