Input validation

2021-11-0416:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition.

CPENameOperatorVersion
sf300-08_firmwareeq1.4.11.02
sf300-24_firmwareeq1.4.11.02
sf300-24mp_firmwareeq1.4.11.02
sf300-24p_firmwareeq1.4.11.02
sf300-24pp_firmwareeq1.4.11.02
sf300-48_firmwareeq1.4.11.02
sf300-48p_firmwareeq1.4.11.02
sf300-48pp_firmwareeq1.4.11.02
sf302-08_firmwareeq1.4.11.02
sf302-08mp_firmwareeq1.4.11.02

Name	Operator	Version
sf300-08_firmware	eq	1.4.11.02
sf300-24_firmware	eq	1.4.11.02
sf300-24mp_firmware	eq	1.4.11.02
sf300-24p_firmware	eq	1.4.11.02
sf300-24pp_firmware	eq	1.4.11.02
sf300-48_firmware	eq	1.4.11.02
sf300-48p_firmware	eq	1.4.11.02
sf300-48pp_firmware	eq	1.4.11.02
sf302-08_firmware	eq	1.4.11.02
sf302-08mp_firmware	eq	1.4.11.02