CVE-2021-40127

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 64.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Small Business Smart AND Managed Switches Cisco Sf300-08 Firmware Cisco Sf300-24 Firmware +26 more

Timeline

PublishedNov 4

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a craf…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages29 packages

▶CVEListV5cisco/cisco_small_business_smart_and_managed_switchesn/a

▶NVDcisco/sf300-08_firmware1.4.11.02

▶NVDcisco/sf300-24_firmware1.4.11.02

▶NVDcisco/sf300-48_firmware1.4.11.02

▶NVDcisco/sf302-08_firmware1.4.11.02

🔴Vulnerability Details

GHSA

GHSA-mq2g-mwpw-5386: A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switc↗2022-05-24

▶

CVEList

Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability↗2021-11-04

▶

📋Vendor Advisories

Cisco

Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability↗2021-11-03

▶