CVE-2021-40113
published 2021-11-04

CVE-2021-40113: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal…

Priority: P270, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.63% (90.6th percentile)
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:

  • Log in with a default credential if the Telnet protocol is enabled
  • Perform command injection
  • Modify the configuration

For more information about these vulnerabilities, see the Details section of this advisory.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| cisco | catalyst_pon_series_switches_optical_network_terminal | | |
| cisco | catalyst_pon_switch_cgp-ont-1p_firmware | < 1.1.1.14 | 1.1.1.14 |
| cisco | catalyst_pon_switch_cgp-ont-4p_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pv_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pvc_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4tvcw_firmware | < 1.1.3.17 | 1.1.3.17 |
| cisco | cisco_catalyst_pon_series | | |

Detection & IOCs (extracted from sources)

  • Unauthenticated remote attacker can log in using a default credential when Telnet protocol is enabled on the Cisco Catalyst PON Series Switches ONT web-based management interface
  • Unauthenticated remote attacker can perform command injection via the web-based management interface of Cisco Catalyst PON Series Switches ONT
  • Unauthenticated remote attacker can modify device configuration via the web-based management interface of Cisco Catalyst PON Series Switches ONT
  • CVE-2021-40113 is associated with CWE-798 (Use of Hard-coded Credentials), CWE-288 (Authentication Bypass), and CWE-284 (Improper Access Control); exploitation requires Telnet to be enabled on the device
  • There are no workarounds that address these vulnerabilities; Cisco has released software updates to remediate them

CVSS provenance

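| Source | Version | Score | Severity | Vector |
|--------|---------|-------|----------|--------|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | | 10.0 | CRITICAL | |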