Lucene search

[email protected]CVE-2021-34780

HistoryOct 06, 2021 - 8:15 p.m.

CVE-2021-34780

2021-10-0620:15:00

CWE-120

[email protected]

web.nvd.nist.gov

cve-2021-34780

cisco

small business

220 series

smart switch

lldp

vulnerabilities

nvd

security advisory

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.9 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

29.1%

JSON

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

CPENameOperatorVersion
cisco:business_220-8t-e-2g_firmwarecisco business 220-8t-e-2g firmwarele1.2.0.6
cisco:business_220-8p-e-2g_firmwarecisco business 220-8p-e-2g firmwarele1.2.0.6
cisco:business_220-8fp-e-2g_firmwarecisco business 220-8fp-e-2g firmwarele1.2.0.6
cisco:business_220-16t-2g_firmwarecisco business 220-16t-2g firmwarele1.2.0.6
cisco:business_220-16p-2g_firmwarecisco business 220-16p-2g firmwarele1.2.0.6
cisco:business_220-24t-4g_firmwarecisco business 220-24t-4g firmwarele1.2.0.6
cisco:business_220-24p-4g_firmwarecisco business 220-24p-4g firmwarele1.2.0.6
cisco:business_220-24fp-4g_firmwarecisco business 220-24fp-4g firmwarele1.2.0.6
cisco:business_220-48t-4g_firmwarecisco business 220-48t-4g firmwarele1.2.0.6
cisco:business_220-48p-4g_firmwarecisco business 220-48p-4g firmwarele1.2.0.6

CPE	Name	Operator	Version
cisco:business_220-8t-e-2g_firmware	cisco business 220-8t-e-2g firmware	le	1.2.0.6
cisco:business_220-8p-e-2g_firmware	cisco business 220-8p-e-2g firmware	le	1.2.0.6
cisco:business_220-8fp-e-2g_firmware	cisco business 220-8fp-e-2g firmware	le	1.2.0.6
cisco:business_220-16t-2g_firmware	cisco business 220-16t-2g firmware	le	1.2.0.6
cisco:business_220-16p-2g_firmware	cisco business 220-16p-2g firmware	le	1.2.0.6
cisco:business_220-24t-4g_firmware	cisco business 220-24t-4g firmware	le	1.2.0.6
cisco:business_220-24p-4g_firmware	cisco business 220-24p-4g firmware	le	1.2.0.6
cisco:business_220-24fp-4g_firmware	cisco business 220-24fp-4g firmware	le	1.2.0.6
cisco:business_220-48t-4g_firmware	cisco business 220-48t-4g firmware	le	1.2.0.6
cisco:business_220-48p-4g_firmware	cisco business 220-48p-4g firmware	le	1.2.0.6

Rows per page:

1-10 of 161

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.9 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

29.1%

JSON

Related for CVE-2021-34780

cvelist1 prion1 cisco1