CVE-2021-34777 — Classic Buffer Overflow in Cisco Business 220-16p-2g Firmware

CWE-120 — Classic Buffer Overflow CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 60.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Business 220-16p-2g Firmware Cisco Business 220-16t-2g Firmware Cisco Business 220-24fp-4g Firmware +14 more

Timeline

PublishedOct 6

Latest updateMay 24

Description

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an att…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages17 packages

▶CVEListV5cisco/cisco_small_business_200_series_smart_switchesn/a

▶NVDcisco/business_220-16p-2g_firmware1.2.0.6

▶NVDcisco/business_220-16t-2g_firmware1.2.0.6

▶NVDcisco/business_220-24p-4g_firmware1.2.0.6

▶NVDcisco/business_220-24p-4x_firmware1.2.0.6

🔴Vulnerability Details

GHSA

GHSA-qc8v-frvx-5395: Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches↗2022-05-24

▶

CVEList

Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities↗2021-10-06

▶

📋Vendor Advisories

Cisco

Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities↗2021-10-06

▶