CVE-2021-34778
published 2021-10-06


Priority: P421 · medium · 4.3 (CVSS 3.1)
Vector: AV:A / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.40% (31.6th percentile)
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following:

- Execute code on the affected device or cause it to reload unexpectedly
- Cause LLDP database corruption on the affected device

For more information about these vulnerabilities, see the Details section of this advisory.

Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released firmware updates that address these vulnerabilities.

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | business_220-16p-2g_firmware | <= 1.2.0.6 | |
| cisco | business_220-16t-2g_firmware | <= 1.2.0.6 | |
| cisco | business_220-24fp-4g_firmware | <= 1.2.0.6 | |
| cisco | business_220-24fp-4x_firmware | <= 1.2.0.6 | |
| cisco | business_220-24p-4g_firmware | <= 1.2.0.6 | |
| cisco | business_220-24p-4x_firmware | <= 1.2.0.6 | |
| cisco | business_220-24t-4g_firmware | <= 1.2.0.6 | |
| cisco | business_220-24t-4x_firmware | <= 1.2.0.6 | |
| cisco | business_220-48fp-4x_firmware | <= 1.2.0.6 | |
| cisco | business_220-48p-4g_firmware | <= 1.2.0.6 | |
| cisco | business_220-48p-4x_firmware | <= 1.2.0.6 | |
| cisco | business_220-48t-4g_firmware | <= 1.2.0.6 | |
| cisco | business_220-48t-4x_firmware | <= 1.2.0.6 | |
| cisco | business_220-8fp-e-2g_firmware | <= 1.2.0.6 | |
| cisco | business_220-8p-e-2g_firmware | <= 1.2.0.6 | |
| cisco | business_220-8t-e-2g_firmware | <= 1.2.0.6 | |
| cisco | cisco_small_business_200_series_smart_switches | | |
| cisco | small_business_220_series_smart_switches_link_layer_discovery_protocol | | |

CVSS provenance

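| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 2.9 | LOW | AV:A/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | | 8.8 | HIGH | |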