CVE-2021-34744Inclusion of Sensitive Information in Source Code in Cisco Business 220-16p-2g Firmware

CWE-540Inclusion of Sensitive Information in Source CodeCWE-798Hard-coded CredentialsCWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 47.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Cisco Business 220-16p-2g FirmwareCisco Business 220-16t-2g FirmwareCisco Business 220-24fp-4g Firmware+14 more
Timeline
PublishedOct 6
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages17 packages

🔴Vulnerability Details

2
GHSA
GHSA-6p84-q2x8-cmx7: Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitiv2022-05-24
CVEList
Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities2021-10-06

📋Vendor Advisories

1
Cisco
Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities2021-10-06
CVE-2021-34744 — Cisco vulnerability | cvebase