CVE-2021-1543
Published: 2021-06-16
CVE-2021-1543: Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following…
Priority: P3 (37) · CVSS 3.1 base score 6.1 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 9.32% (94.8th percentile)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following:
- Hijack a user session
- Execute arbitrary commands as a root user on the underlying operating system
- Conduct a cross-site scripting (XSS) attack
- Conduct an HTML injection attack
For more information about these vulnerabilities, see the Details section of this advisory.
Affected: 11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_220_series_smart_plus_switches | — | — |
| cisco | sf220-24_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sf220-24p_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sf220-48_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sf220-48p_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sg220-26_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sg220-26p_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sg220-28mp_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sg220-50_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | sg220-50p_firmware | < 1.2.0.6 | 1.2.0.6 |
| cisco | small_business_220_series_smart_switches | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | — | 7.5 | HIGH | — |
Cisco advisory: Cisco Small Business 220 Series Smart Switches Vulnerabilities
Source: vendor_cisco · 2021-06-16 · CVSS 7.5
CVE-2021-1541 [HIGH] CWE-287
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following:
- Hijack a user session
- Execute arbitrary commands as a root user on the underlying operating system
- Conduct a cross-site scripting (XSS) attack
- Conduct an HTML injection attack
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E
Cisco advisory: CVE-2021-1543: Cisco Small Business 220 Series Smart Switches Vulnerabilities
Source: vendor_cisco · CVSS 3.1
CVSS: 3.1
CWE: CWE-287, CWE-77, CWE-79
Bug IDs: CSCvx57830, CSCvx57925, CSCvx57935
GHSA advisory: GHSA-m9xj-cg7r-3q86 (CVE-2021-1543 [MEDIUM] CWE-287)
Source: ghsa_unreviewed · 2022-05-24
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following:
- Hijack a user session
- Execute arbitrary commands as a root user on the underlying operating system
- Conduct a cross-site scripting (XSS) attack
- Conduct an HTML injection attack
For more information about these vulnerabilities, see the Details section of this advisory.
No detection rules found.
No public exploits indexed.
Published: 2021-06-16