CVE-2021-34780Classic Buffer Overflow in Cisco Business 220-16p-2g Firmware

CWE-120Classic Buffer OverflowCWE-125Out-of-bounds Read4 documents4 sources
Severity
8.8HIGHNVD
CNA4.3
EPSS
0.1%
top 65.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Cisco Business 220-16p-2g FirmwareCisco Business 220-16t-2g FirmwareCisco Business 220-24fp-4g Firmware+14 more
Timeline
PublishedOct 6
Latest updateMay 24

Description

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an att

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages17 packages

🔴Vulnerability Details

2
GHSA
GHSA-x42j-7wwr-wxrm: Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches2022-05-24
CVEList
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities2021-10-06

📋Vendor Advisories

1
Cisco
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities2021-10-06
CVE-2021-34780 — Classic Buffer Overflow in Cisco | cvebase