CVE-2021-40112
Published 2021-11-04
CVE-2021-40112: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal…
Priority P349 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.39% (68.8th percentile)
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
Log in with a default credential if the Telnet protocol is enabled
Perform command injection
Modify the configuration
For more information about these vulnerabilities, see the Details section of this advisory.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | catalyst_pon_series_switches_optical_network_terminal | — | — |
| cisco | catalyst_pon_switch_cgp-ont-1p_firmware | < 1.1.1.14 | 1.1.1.14 |
| cisco | catalyst_pon_switch_cgp-ont-4p_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pv_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pvc_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4tvcw_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | cisco_catalyst_pon_series | — | — |
CVSS provenance
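| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_cisco | — | 10.0 | CRITICAL | — |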
Cisco
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
vendor_cisco·2021-11-03·CVSS 10.0
CVE-2021-34795 [CRITICAL] CWE-284 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
Log in with a default credential if the Telnet protocol is enabled
Perform command injection
Modify the configuration
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s
Cisco
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-40112 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
Log in with a default credential if the Telnet protocol is enabled
Perform command injection
Modify the configuration
For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-284, CWE-288, CWE-798
Bug IDs: CSCvz61943, CSCvz61948, CSCvz67097
GHSA
GHSA-xj98-pcc3-hvhq: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Ter
ghsa_unreviewed·2022-05-24
CVE-2021-40112 [HIGH] CWE-20 GHSA-xj98-pcc3-hvhq: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Ter
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
Log in with a default credential if the Telnet protocol is enabled
Perform command injection
Modify the configuration
For more information about these vulnerabilities, see the Details section of this advisory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-11-04