Cisco Small Business 220 Series Smart Switches Vulnerabilities

2021-06-1616:00:00

tools.cisco.com

cisco

small business 220 series

smart switches

vulnerabilities

web-based management

session hijacking

arbitrary command execution

xss

html injection

software updates

EPSS

0.002

Percentile

54.0%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following:

Hijack a user session
Execute arbitrary commands as a root user on the underlying operating system
Conduct a cross-site scripting (XSS) attack
Conduct an HTML injection attack

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E”]

Affected configurations

Vulners

Node

ciscosmall_business_220_series_smart_plus_switchesMatchany

ciscosmall_business_srp541wMatch220_series_smart_plus_switches

ciscosmall_business_220_series_smart_plus_switchesMatchany

VendorProductVersionCPE
ciscosmall_business_220_series_smart_plus_switchesanycpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:any:*:*:*:*:*:*:*
ciscosmall_business_srp541w220_series_smart_plus_switchescpe:2.3:h:cisco:small_business_srp541w:220_series_smart_plus_switches:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	small_business_220_series_smart_plus_switches	any	cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:any:::::::*
cisco	small_business_srp541w	220_series_smart_plus_switches	cpe:2.3:h:cisco:small_business_srp541w:220_series_smart_plus_switches:::::::*