CVE-2021-34744
published 2021-10-06

Priority: P426
CVSS 3.1: 4.9 (medium), AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.73% (49.4th percentile)
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

Affected

18 ranges
Vendor  Product                                                     Version range  Fixed in
cisco   business_220-16p-2g_firmware                                <= 1.2.0.6
cisco   business_220-16t-2g_firmware                                <= 1.2.0.6
cisco   business_220-24fp-4g_firmware                               <= 1.2.0.6
cisco   business_220-24fp-4x_firmware                               <= 1.2.0.6
cisco   business_220-24p-4g_firmware                                <= 1.2.0.6
cisco   business_220-24p-4x_firmware                                <= 1.2.0.6
cisco   business_220-24t-4g_firmware                                <= 1.2.0.6
cisco   business_220-24t-4x_firmware                                <= 1.2.0.6
cisco   business_220-48fp-4x_firmware                               <= 1.2.0.6
cisco   business_220-48p-4g_firmware                                <= 1.2.0.6
cisco   business_220-48p-4x_firmware                                <= 1.2.0.6
cisco   business_220-48t-4g_firmware                                <= 1.2.0.6
cisco   business_220-48t-4x_firmware                                <= 1.2.0.6
cisco   business_220-8fp-e-2g_firmware                              <= 1.2.0.6
cisco   business_220-8p-e-2g_firmware                               <= 1.2.0.6
cisco   business_220-8t-e-2g_firmware                               <= 1.2.0.6
cisco   business_220_series_smart_switches_static_key_and_password
cisco   cisco_small_business_220_series_smart_plus_switches

CVSS provenance

nvd           v3.1  4.9  MEDIUM  CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd           v2.0  4.0  MEDIUM  AV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_cisco        5.5  MEDIUM