All the vulnerabilites related to cisco - business_220-24t-4g
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "Varias vulnerabilidades en el firmware de Cisco Business 220 Series Smart Switches podr\u00edan permitir a un atacante con privilegios de administrador acceder a credenciales de inicio de sesi\u00f3n confidenciales o reconfigurar las contrase\u00f1as de la cuenta de usuario. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2021-34744",
"lastModified": "2024-11-21T06:11:06.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:10.393",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-540"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan varias vulnerabilidades en la implementaci\u00f3n del Protocolo de Detecci\u00f3n de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podr\u00eda llevar a cabo lo siguiente: Ejecutar c\u00f3digo en el dispositivo afectado o causar su recarga inesperada. Causar una corrupci\u00f3n de la base de datos LLDP en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades"
}
],
"id": "CVE-2021-34778",
"lastModified": "2024-11-21T06:11:10.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:15.833",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan varias vulnerabilidades en la implementaci\u00f3n del Protocolo de Detecci\u00f3n de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podr\u00eda llevar a cabo lo siguiente: Ejecutar c\u00f3digo en el dispositivo afectado o causar su recarga inesperada. Causar una corrupci\u00f3n de la base de datos LLDP en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades"
}
],
"id": "CVE-2021-34775",
"lastModified": "2024-11-21T06:11:10.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:14.447",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan varias vulnerabilidades en la implementaci\u00f3n del Protocolo de Detecci\u00f3n de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podr\u00eda llevar a cabo lo siguiente: Ejecutar c\u00f3digo en el dispositivo afectado o causar su recarga inesperada. Causar una corrupci\u00f3n de la base de datos LLDP en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades"
}
],
"id": "CVE-2021-34779",
"lastModified": "2024-11-21T06:11:10.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:16.710",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan varias vulnerabilidades en la implementaci\u00f3n del Protocolo de Detecci\u00f3n de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podr\u00eda llevar a cabo lo siguiente: Ejecutar c\u00f3digo en el dispositivo afectado o causar su recarga inesperada. Causar una corrupci\u00f3n de la base de datos LLDP en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades"
}
],
"id": "CVE-2021-34777",
"lastModified": "2024-11-21T06:11:10.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:15.090",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "Varias vulnerabilidades en el firmware de Cisco Business 220 Series Smart Switches podr\u00edan permitir a un atacante con privilegios de administrador acceder a credenciales de inicio de sesi\u00f3n confidenciales o reconfigurar las contrase\u00f1as de la cuenta de usuario. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2021-34757",
"lastModified": "2024-11-21T06:11:07.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:10.947",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-540"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan varias vulnerabilidades en la implementaci\u00f3n del Protocolo de Detecci\u00f3n de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podr\u00eda llevar a cabo lo siguiente: Ejecutar c\u00f3digo en el dispositivo afectado o causar su recarga inesperada. Causar una corrupci\u00f3n de la base de datos LLDP en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades"
}
],
"id": "CVE-2021-34776",
"lastModified": "2024-11-21T06:11:10.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:14.733",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F57E1F8-E627-4113-A443-A6DB80236233",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16987EB7-0097-462F-9ED6-BD99328069EE",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50706ED0-C8BD-4300-A139-E3CD06D0F889",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "694AD646-37B9-413B-98E8-0D7E3638CF7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "912D0893-5C74-498C-91F2-3BDE746658FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609956AC-1496-49D5-B9F4-620AA9B08FDB",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C843-285B-4811-8A58-9CE40DC9A156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972E3541-9384-4A5B-9528-9CE264A89779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7337547E-A891-45DD-B4B7-126080520F19",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C387F-1656-4D4A-9245-38E50819AA70",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82D534-9E35-4F71-8E93-1255FF492AF0",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C849A07-4AE9-4593-A2F6-17014F672DC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CAE9D5-701D-4936-865D-04F16E61CF7F",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7125313E-2FDB-4AC8-A84C-AD1837856436",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
"versionEndIncluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades en la implementaci\u00f3n del Protocolo de Detecci\u00f3n de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podr\u00eda llevar a cabo lo siguiente: Ejecutar c\u00f3digo en el dispositivo afectado o causar su recarga inesperada. Causar una corrupci\u00f3n de la base de datos LLDP en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades"
}
],
"id": "CVE-2021-34780",
"lastModified": "2024-11-21T06:11:11.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-06T20:15:17.950",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-34777
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 200 Series Smart Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:18.228633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:49:44.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 200 Series Smart Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:45:32",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34777",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 200 Series Smart Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
},
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34777",
"datePublished": "2021-10-06T19:45:33.022373Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:49:44.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34778
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 200 Series Smart Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:19.706737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:49:51.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 200 Series Smart Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:45:27",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34778",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 200 Series Smart Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
},
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34778",
"datePublished": "2021-10-06T19:45:27.626395Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:49:51.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34776
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 200 Series Smart Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:16.739201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:49:38.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 200 Series Smart Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:45:38",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34776",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 200 Series Smart Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
},
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34776",
"datePublished": "2021-10-06T19:45:38.353912Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:49:38.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34780
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:50
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 200 Series Smart Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:22.461147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:50:54.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 200 Series Smart Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:45:16",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34780",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 200 Series Smart Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
},
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34780",
"datePublished": "2021-10-06T19:45:16.944722Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:50:54.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34744
Vulnerability from cvelistv5
Published
2021-10-06 19:46
Modified
2024-11-07 21:48
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 220 Series Smart Plus Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:07.335498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:48:45.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 220 Series Smart Plus Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:46:15",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
],
"source": {
"advisory": "cisco-sa-sb-hardcoded-cred-MJCEXvX",
"defect": [
[
"CSCvy90709",
"CSCvy90713"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34744",
"STATE": "PUBLIC",
"TITLE": "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 220 Series Smart Plus Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-540"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
]
},
"source": {
"advisory": "cisco-sa-sb-hardcoded-cred-MJCEXvX",
"defect": [
[
"CSCvy90709",
"CSCvy90713"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34744",
"datePublished": "2021-10-06T19:46:15.969444Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:48:45.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34775
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 200 Series Smart Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:15.362514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:49:30.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 200 Series Smart Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:45:43",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34775",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 200 Series Smart Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
},
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34775",
"datePublished": "2021-10-06T19:45:43.458913Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:49:30.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34779
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:50
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 200 Series Smart Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:21.274619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:50:05.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 200 Series Smart Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:45:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
],
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34779",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 200 Series Smart Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
},
"source": {
"advisory": "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
"defect": [
[
"CSCvz29108",
"CSCvz29116",
"CSCvz29120",
"CSCvz29121",
"CSCvz29126",
"CSCvz29134"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34779",
"datePublished": "2021-10-06T19:45:22.334079Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:50:05.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34757
Vulnerability from cvelistv5
Published
2021-10-06 19:46
Modified
2024-11-07 21:48
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business 220 Series Smart Plus Switches |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:08.512662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:48:59.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business 220 Series Smart Plus Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:46:05",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
],
"source": {
"advisory": "cisco-sa-sb-hardcoded-cred-MJCEXvX",
"defect": [
[
"CSCvy90709",
"CSCvy90713"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34757",
"STATE": "PUBLIC",
"TITLE": "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business 220 Series Smart Plus Switches",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-540"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX"
}
]
},
"source": {
"advisory": "cisco-sa-sb-hardcoded-cred-MJCEXvX",
"defect": [
[
"CSCvy90709",
"CSCvy90713"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34757",
"datePublished": "2021-10-06T19:46:05.398513Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T21:48:59.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}