CVE-2021-34757
Published 2021-10-06
Priority: P426 | Severity: medium | CVSS 3.1 score: 5.5
Vector: AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.60% (44.4th percentile)
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | business_220-16p-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-16t-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24fp-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24fp-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24p-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24p-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24t-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24t-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48fp-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48p-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48p-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48t-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48t-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-8fp-e-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-8p-e-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-8t-e-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220_series_smart_switches_static_key_and_password | — | — |
| cisco | cisco_small_business_220_series_smart_plus_switches | — | — |
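CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
| vendor_cisco | — | 5.5 | MEDIUM | — |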
GHSA
ghsa_unreviewed·2022-05-24
CVE-2021-34757 [MEDIUM] CWE-200 GHSA-8q5v-c5jp-qp9p: Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitiv
Cisco
Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities
vendor_cisco·2021-10-06·CVSS 5.5
CVE-2021-34744 [MEDIUM] CWE-540 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX
Cisco
Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-34757 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities
CVSS: 3.1
CWE: CWE-540
Bug IDs: CSCvy90709, CSCvy90713
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-06
Published