Vulnerabilites related to cisco - business_220-48fp-4x
cve-2021-34775
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 200 Series Smart Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.202Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34775",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:15.362514Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:49:30.953Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 200 Series Smart Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:45:43",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            },
         ],
         source: {
            advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            defect: [
               [
                  "CSCvz29108",
                  "CSCvz29116",
                  "CSCvz29120",
                  "CSCvz29121",
                  "CSCvz29126",
                  "CSCvz29134",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34775",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 200 Series Smart Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               defect: [
                  [
                     "CSCvz29108",
                     "CSCvz29116",
                     "CSCvz29120",
                     "CSCvz29121",
                     "CSCvz29126",
                     "CSCvz29134",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34775",
      datePublished: "2021-10-06T19:45:43.458913Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:49:30.953Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34779
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:50
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 200 Series Smart Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.262Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34779",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:21.274619Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:50:05.529Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 200 Series Smart Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:45:22",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            },
         ],
         source: {
            advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            defect: [
               [
                  "CSCvz29108",
                  "CSCvz29116",
                  "CSCvz29120",
                  "CSCvz29121",
                  "CSCvz29126",
                  "CSCvz29134",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34779",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 200 Series Smart Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               defect: [
                  [
                     "CSCvz29108",
                     "CSCvz29116",
                     "CSCvz29120",
                     "CSCvz29121",
                     "CSCvz29126",
                     "CSCvz29134",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34779",
      datePublished: "2021-10-06T19:45:22.334079Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:50:05.529Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34744
Vulnerability from cvelistv5
Published
2021-10-06 19:46
Modified
2024-11-07 21:48
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 220 Series Smart Plus Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.151Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34744",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:07.335498Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:48:45.164Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 220 Series Smart Plus Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-540",
                     description: "CWE-540",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:46:15",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
            },
         ],
         source: {
            advisory: "cisco-sa-sb-hardcoded-cred-MJCEXvX",
            defect: [
               [
                  "CSCvy90709",
                  "CSCvy90713",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34744",
               STATE: "PUBLIC",
               TITLE: "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 220 Series Smart Plus Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-540",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb-hardcoded-cred-MJCEXvX",
               defect: [
                  [
                     "CSCvy90709",
                     "CSCvy90713",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34744",
      datePublished: "2021-10-06T19:46:15.969444Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:48:45.164Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34780
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:50
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 200 Series Smart Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.169Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34780",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:22.461147Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:50:54.851Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 200 Series Smart Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:45:16",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            },
         ],
         source: {
            advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            defect: [
               [
                  "CSCvz29108",
                  "CSCvz29116",
                  "CSCvz29120",
                  "CSCvz29121",
                  "CSCvz29126",
                  "CSCvz29134",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34780",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 200 Series Smart Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               defect: [
                  [
                     "CSCvz29108",
                     "CSCvz29116",
                     "CSCvz29120",
                     "CSCvz29121",
                     "CSCvz29126",
                     "CSCvz29134",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34780",
      datePublished: "2021-10-06T19:45:16.944722Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:50:54.851Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34776
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 200 Series Smart Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.215Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34776",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:16.739201Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:49:38.418Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 200 Series Smart Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:45:38",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            },
         ],
         source: {
            advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            defect: [
               [
                  "CSCvz29108",
                  "CSCvz29116",
                  "CSCvz29120",
                  "CSCvz29121",
                  "CSCvz29126",
                  "CSCvz29134",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34776",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 200 Series Smart Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               defect: [
                  [
                     "CSCvz29108",
                     "CSCvz29116",
                     "CSCvz29120",
                     "CSCvz29121",
                     "CSCvz29126",
                     "CSCvz29134",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34776",
      datePublished: "2021-10-06T19:45:38.353912Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:49:38.418Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34778
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 200 Series Smart Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.214Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34778",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:19.706737Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:49:51.256Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 200 Series Smart Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:45:27",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            },
         ],
         source: {
            advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            defect: [
               [
                  "CSCvz29108",
                  "CSCvz29116",
                  "CSCvz29120",
                  "CSCvz29121",
                  "CSCvz29126",
                  "CSCvz29134",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34778",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 200 Series Smart Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               defect: [
                  [
                     "CSCvz29108",
                     "CSCvz29116",
                     "CSCvz29120",
                     "CSCvz29121",
                     "CSCvz29126",
                     "CSCvz29134",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34778",
      datePublished: "2021-10-06T19:45:27.626395Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:49:51.256Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34757
Vulnerability from cvelistv5
Published
2021-10-06 19:46
Modified
2024-11-07 21:48
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 220 Series Smart Plus Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.139Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34757",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:08.512662Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:48:59.339Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 220 Series Smart Plus Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-540",
                     description: "CWE-540",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:46:05",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
            },
         ],
         source: {
            advisory: "cisco-sa-sb-hardcoded-cred-MJCEXvX",
            defect: [
               [
                  "CSCvy90709",
                  "CSCvy90713",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34757",
               STATE: "PUBLIC",
               TITLE: "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 220 Series Smart Plus Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-540",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb-hardcoded-cred-MJCEXvX",
               defect: [
                  [
                     "CSCvy90709",
                     "CSCvy90713",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34757",
      datePublished: "2021-10-06T19:46:05.398513Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:48:59.339Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34777
Vulnerability from cvelistv5
Published
2021-10-06 19:45
Modified
2024-11-07 21:49
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Impacted products
Vendor Product Version
Cisco Cisco Small Business 200 Series Smart Switches Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.215Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34777",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:40:18.228633Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:49:44.714Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business 200 Series Smart Switches",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-10-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T19:45:32",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            },
         ],
         source: {
            advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
            defect: [
               [
                  "CSCvz29108",
                  "CSCvz29116",
                  "CSCvz29120",
                  "CSCvz29121",
                  "CSCvz29126",
                  "CSCvz29134",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-10-06T16:00:00",
               ID: "CVE-2021-34777",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business 200 Series Smart Switches",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
               defect: [
                  [
                     "CSCvz29108",
                     "CSCvz29116",
                     "CSCvz29120",
                     "CSCvz29121",
                     "CSCvz29126",
                     "CSCvz29134",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34777",
      datePublished: "2021-10-06T19:45:33.022373Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:49:44.714Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Varias vulnerabilidades en el firmware de Cisco Business 220 Series Smart Switches podrían permitir a un atacante con privilegios de administrador acceder a credenciales de inicio de sesión confidenciales o reconfigurar las contraseñas de la cuenta de usuario. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso",
      },
   ],
   id: "CVE-2021-34744",
   lastModified: "2024-11-21T06:11:06.340",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:10.393",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-540",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
      },
      {
         lang: "es",
         value: "Se presentan varias vulnerabilidades en la implementación del Protocolo de Detección de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podría llevar a cabo lo siguiente: Ejecutar código en el dispositivo afectado o causar su recarga inesperada. Causar una corrupción de la base de datos LLDP en el dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades",
      },
   ],
   id: "CVE-2021-34778",
   lastModified: "2024-11-21T06:11:10.847",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:15.833",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
      },
      {
         lang: "es",
         value: "Se presentan varias vulnerabilidades en la implementación del Protocolo de Detección de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podría llevar a cabo lo siguiente: Ejecutar código en el dispositivo afectado o causar su recarga inesperada. Causar una corrupción de la base de datos LLDP en el dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades",
      },
   ],
   id: "CVE-2021-34779",
   lastModified: "2024-11-21T06:11:10.997",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:16.710",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
      },
      {
         lang: "es",
         value: "Se presentan varias vulnerabilidades en la implementación del Protocolo de Detección de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podría llevar a cabo lo siguiente: Ejecutar código en el dispositivo afectado o causar su recarga inesperada. Causar una corrupción de la base de datos LLDP en el dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades",
      },
   ],
   id: "CVE-2021-34775",
   lastModified: "2024-11-21T06:11:10.350",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:14.447",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Varias vulnerabilidades en el firmware de Cisco Business 220 Series Smart Switches podrían permitir a un atacante con privilegios de administrador acceder a credenciales de inicio de sesión confidenciales o reconfigurar las contraseñas de la cuenta de usuario. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso",
      },
   ],
   id: "CVE-2021-34757",
   lastModified: "2024-11-21T06:11:07.857",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 3.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.3,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:10.947",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-540",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
      },
      {
         lang: "es",
         value: "Se presentan varias vulnerabilidades en la implementación del Protocolo de Detección de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podría llevar a cabo lo siguiente: Ejecutar código en el dispositivo afectado o causar su recarga inesperada. Causar una corrupción de la base de datos LLDP en el dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades",
      },
   ],
   id: "CVE-2021-34777",
   lastModified: "2024-11-21T06:11:10.650",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:15.090",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
      },
      {
         lang: "es",
         value: "Se presentan varias vulnerabilidades en la implementación del Protocolo de Detección de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podría llevar a cabo lo siguiente: Ejecutar código en el dispositivo afectado o causar su recarga inesperada. Causar una corrupción de la base de datos LLDP en el dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades",
      },
   ],
   id: "CVE-2021-34776",
   lastModified: "2024-11-21T06:11:10.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:14.733",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F57E1F8-E627-4113-A443-A6DB80236233",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8t-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B54D4-1DAC-4805-AB0C-12B4AF3AA2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2C7129-CEA2-49D5-9967-DC5D2AAD65FE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8p-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D6B0BB2-6CCF-4C28-A8A6-2D83F8BAD16D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "716EF897-3C9C-408A-92FC-AFDF3F436C1A",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-8fp-e-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A732D0F9-0C3A-41F1-9CD7-6839878F11E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D7CA726-6C49-40E3-BAF8-1C3906548EFD",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16t-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A796A4C0-1EC3-4D5D-8992-7C9C9EB64B7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16987EB7-0097-462F-9ED6-BD99328069EE",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-16p-2g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53F2ACD8-7EEA-4FF5-91B3-2499A67C2A6B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50706ED0-C8BD-4300-A139-E3CD06D0F889",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "694AD646-37B9-413B-98E8-0D7E3638CF7B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F8CC1AB-91D0-4073-911E-E8561DE61ED4",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "912D0893-5C74-498C-91F2-3BDE746658FF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "609956AC-1496-49D5-B9F4-620AA9B08FDB",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A783C843-285B-4811-8A58-9CE40DC9A156",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "620B645E-EEF3-4001-B42C-F0F8A4C5FF7E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "972E3541-9384-4A5B-9528-9CE264A89779",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7337547E-A891-45DD-B4B7-126080520F19",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39E46FA4-73AF-4C90-83E0-E6882ED9F0DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "763C387F-1656-4D4A-9245-38E50819AA70",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B16A54C-FE26-41E8-B9C8-D20C55F95B9F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B4D510-E63C-428D-BBFD-524ADC88FA2E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5F675E8-69BA-4C5D-A638-15070E4C3A95",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE82D534-9E35-4F71-8E93-1255FF492AF0",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-24fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F9AD8EC-96C2-4431-96A9-E297DC302C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43CD76F1-08CB-4E2B-8CAA-A3483D87772B",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48t-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C849A07-4AE9-4593-A2F6-17014F672DC8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35CAE9D5-701D-4936-865D-04F16E61CF7F",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48p-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7125313E-2FDB-4AC8-A84C-AD1837856436",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA6DCB-B5A0-460E-9F41-7367F076EE0E",
                     versionEndIncluding: "1.2.0.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_220-48fp-4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9630B5B-14CA-4779-9080-7B3FE6EE5CB8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.",
      },
      {
         lang: "es",
         value: "Se presentan múltiples vulnerabilidades en la implementación del Protocolo de Detección de la Capa de Enlace (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente no autenticado podría llevar a cabo lo siguiente: Ejecutar código en el dispositivo afectado o causar su recarga inesperada. Causar una corrupción de la base de datos LLDP en el dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de firmware que abordan estas vulnerabilidades",
      },
   ],
   id: "CVE-2021-34780",
   lastModified: "2024-11-21T06:11:11.140",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-06T20:15:17.950",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}