CVE-2021-40112
published 2021-11-04

CVE-2021-40112: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal…

Priority: P349 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.39% (68.8th percentile)
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | catalyst_pon_series_switches_optical_network_terminal | | |
| cisco | catalyst_pon_switch_cgp-ont-1p_firmware | < 1.1.1.14 | 1.1.1.14 |
| cisco | catalyst_pon_switch_cgp-ont-4p_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pv_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pvc_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4tvcw_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | cisco_catalyst_pon_series | | |

CVSS provenance

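| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_cisco | | 10.0 | CRITICAL | |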