CVE-2021-34780
Published 2021-10-06
Priority: P349, high, 8.8 (CVSS 3.1)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (39.3th percentile)
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following:
- Execute code on the affected device or cause it to reload unexpectedly
- Cause LLDP database corruption on the affected device
For more information about these vulnerabilities, see the Details section of this advisory.
Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Cisco has released firmware updates that address these vulnerabilities.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | business_220-16p-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-16t-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24fp-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24fp-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24p-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24p-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24t-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-24t-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48fp-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48p-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48p-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48t-4g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-48t-4x_firmware | <= 1.2.0.6 | — |
| cisco | business_220-8fp-e-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-8p-e-2g_firmware | <= 1.2.0.6 | — |
| cisco | business_220-8t-e-2g_firmware | <= 1.2.0.6 | — |
| cisco | cisco_small_business_200_series_smart_switches | — | — |
| cisco | small_business_220_series_smart_switches_link_layer_discovery_protocol | — | — |
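CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.9 | HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 8.8 | HIGH | — |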
GHSA
GHSA-x42j-7wwr-wxrm: Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches
ghsa_unreviewed·2022-05-24
CVE-2021-34780 [HIGH] CWE-120 GHSA-x42j-7wwr-wxrm: Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches
Cisco
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
vendor_cisco·2021-10-06·CVSS 8.8
CVE-2021-34775 [HIGH] CWE-120 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following:
- Execute code on the affected device or cause it to reload unexpectedly
- Cause LLDP database corruption on the affected device
For more information about these vulnerabilities, see the Details section of this advisory.
Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Cisco has released firmware updates that address these vulnerabilities. There are no workarounds that address these vu
Cisco
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-34780 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
CVSS: 3.1
CWE: CWE-120, CWE-125
Bug IDs: CSCvz29108, CSCvz29116, CSCvz29120
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-10-06