Using Cisco Small Business 220 Series switches? Time to roll up your sleeves and get patching…:
[…] In a security advisory published today, Cisco said attackers can leverage the authentication bypass vulnerability to upload files on Cisco 220 switches, either to replace configuration files or plant a reverse shell.
The second bug, and the most dangerous of the three, allows attackers to execute malicious code with root privileges, effectively allowing attackers to take over devices with a simple HTTP or HTTPS request aimed at unpatched switches.
PATCHES AND BASIC MITIGATIONS ARE AVAILABLE
The good news is that the three vulnerabilities reside in the switches’ web management interface. Device owners can either turn off the web management interface or install the updates Cisco released today.