CVE-2021-34744 | Severity.io

Description

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

Related CPE's

business_220-8t-e-2g_firmware

Vulnerable

business_220-8t-e-2g

business_220-8p-e-2g_firmware

Vulnerable

business_220-8p-e-2g

business_220-8fp-e-2g_firmware

Vulnerable

business_220-8fp-e-2g

business_220-16t-2g_firmware

Vulnerable

business_220-16t-2g

business_220-16p-2g_firmware

Vulnerable

business_220-16p-2g

business_220-24t-4g_firmware

Vulnerable

business_220-24t-4g

business_220-24p-4g_firmware

Vulnerable

business_220-24p-4g

business_220-24fp-4g_firmware

Vulnerable

business_220-24fp-4g

business_220-48t-4g_firmware

Vulnerable

business_220-48t-4g

business_220-48p-4g_firmware

Vulnerable

business_220-48p-4g

business_220-24t-4x_firmware

Vulnerable

business_220-24t-4x

business_220-24p-4x_firmware

Vulnerable

business_220-24p-4x

business_220-24fp-4x_firmware

Vulnerable

business_220-24fp-4x

business_220-48t-4x_firmware

Vulnerable

business_220-48t-4x

business_220-48p-4x_firmware

Vulnerable

business_220-48p-4x

business_220-48fp-4x_firmware

Vulnerable

business_220-48fp-4x

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-798

[email protected]

Secondary

CWE-540

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-06T20:15:10.393

3 years ago

Last modified

2023-11-07T03:36:17.130

1 year ago