Given widespread use of Cisco Small Business Switches, the critical exploitability rating (CVSS 9.8), and the public availability of proof-of-concept exploit code, members are encouraged to review the Cisco security advisory for impacted components in your environment and address accordingly.

Cisco released a security advisory for multiple critical vulnerabilities impacting the web-based user interface of certain Cisco Small Business Series Switches. Successful exploitation could allow an unauthenticated, remote attacker to cause a denial of service (DoS), execute arbitrary code with root privilege, or gain access to unauthorized information. While exploit code is publicly available, Cisco is not currently aware of any active exploitation.

WaterISAC encourages members to assess their level of risk regarding the vulnerabilities identified and ensure mitigations are applied to prevent exploitation. Read the full advisory at Cisco.