CVE-2021-34795
published 2021-11-04CVE-2021-34795: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.75%
75.0th percentile
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | catalyst_pon_series_switches_optical_network_terminal | — | — |
| cisco | catalyst_pon_switch_cgp-ont-1p_firmware | < 1.1.1.14 | 1.1.1.14 |
| cisco | catalyst_pon_switch_cgp-ont-4p_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pv_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pvc_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4tvcw_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | cisco_catalyst_pon_series | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated login attempts to Cisco Catalyst PON ONT devices using default credentials over Telnet (when Telnet protocol is enabled) ↗
- →Monitor the web-based management interface of Cisco Catalyst PON Series Switches ONT for unauthenticated remote access attempts, command injection payloads, and unauthorized configuration modification requests ↗
- ·Telnet must be enabled on the device for the default-credential login vector (CVE-2021-34795) to be exploitable; disabling Telnet reduces attack surface for that specific vector ↗
- ·No workarounds are available for any of the vulnerabilities in this advisory; software updates are the only remediation ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
vendor_cisco·2021-11-03·CVSS 10.0
CVE-2021-34795 [CRITICAL] CWE-284 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
Log in with a default credential if the Telnet protocol is enabled
Perform command injection
Modify the configuration
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s
Cisco
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-34795 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
CVE-2021-34795: Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-284, CWE-288, CWE-798, CWE-284, CWE-288, CWE-798
Bug IDs: CSCvz61943, CSCvz61948, CSCvz67097, CSCvz67097, CSCvz61948
GHSA
GHSA-68r9-5xr5-xj6j: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Ter
ghsa_unreviewed·2022-05-24
CVE-2021-34795 [CRITICAL] CWE-1188 GHSA-68r9-5xr5-xj6j: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Ter
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-11-04
Published