Lucene search

[email protected]CVE-2021-1543

HistoryJun 16, 2021 - 6:15 p.m.

CVE-2021-1543

2021-06-1618:15:08

CWE-287

CWE-79

[email protected]

web.nvd.nist.gov

cisco

small business

220 series

smart switches

vulnerabilities

attack

hijacking

session

commands

xss

html injection

nvd

cve-2021-1543

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

NVD

Node

ciscosf220-24_firmwareRange<1.2.0.6

AND

ciscosf220-24Match-

Node

ciscosf220-24p_firmwareRange<1.2.0.6

AND

ciscosf220-24pMatch-

Node

ciscosf220-48_firmwareRange<1.2.0.6

AND

ciscosf220-48Match-

Node

ciscosf220-48p_firmwareRange<1.2.0.6

AND

ciscosf220-48pMatch-

Node

ciscosg220-26_firmwareRange<1.2.0.6

AND

ciscosg220-26Match-

Node

ciscosg220-26p_firmwareRange<1.2.0.6

AND

ciscosg220-26pMatch-

Node

ciscosg220-28mp_firmwareRange<1.2.0.6

AND

ciscosg220-28mpMatch-

Node

ciscosg220-50_firmwareRange<1.2.0.6

AND

ciscosg220-50Match-

Node

ciscosg220-50p_firmwareRange<1.2.0.6

AND

ciscosg220-50pMatch-

CPENameOperatorVersion
cisco:sf220-24_firmwarecisco sf220-24 firmwarelt1.2.0.6

CPE	Name	Operator	Version
cisco:sf220-24_firmware	cisco sf220-24 firmware	lt	1.2.0.6

CNA Affected

[
  {
    "product": "Cisco Small Business 220 Series Smart Plus Switches ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for CVE-2021-1543

prion1 nvd1 cvelist1 cisco1 threatpost1