fkie_cve-2021-1541
Vulnerability from fkie_nvd
Published
2021-06-16 18:15
Modified
2024-11-21 05:44
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | sf220-24_firmware | * | |
| cisco | sf220-24 | - | |
| cisco | sf220-24p_firmware | * | |
| cisco | sf220-24p | - | |
| cisco | sf220-48_firmware | * | |
| cisco | sf220-48 | - | |
| cisco | sf220-48p_firmware | * | |
| cisco | sf220-48p | - | |
| cisco | sg220-26_firmware | * | |
| cisco | sg220-26 | - | |
| cisco | sg220-26p_firmware | * | |
| cisco | sg220-26p | - | |
| cisco | sg220-28mp_firmware | * | |
| cisco | sg220-28mp | - | |
| cisco | sg220-50_firmware | * | |
| cisco | sg220-50 | - | |
| cisco | sg220-50p_firmware | * | |
| cisco | sg220-50p | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf220-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "592CAF99-2CD8-46F2-8715-9930F22A4DE8",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf220-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBD8429-E036-4934-AF6A-3B5095F87ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "513E4F52-6493-4A92-90CA-8A92CC9ECA8C",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02258A44-A9BA-471B-AEEC-BDCBD44D6BD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE41D686-C6AB-46E5-899C-523BC9E216C7",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0EB976-563C-41B9-9F3F-2584721EDAA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAA3662-6E4A-4842-A667-31634AF59437",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA7BE42-9570-4550-991A-4B6821D8F723",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02042FA3-B98E-4BED-BB2F-B50E010D9EFC",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE90A1-9914-457B-9E23-E63765275D62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg220-26p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D704F371-A2A4-417B-825E-E083AC8EBC89",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg220-26p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70FBA10-934C-45F6-A01D-4BAD5F421C96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg220-28mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "458DC6B7-781D-4AA9-90D1-773C7DCFBE59",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg220-28mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67CDEE3C-5A58-45A4-B092-07CA9418131F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg220-50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1478637-D8E5-477C-B487-C3D0AD623B90",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg220-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E024644E-83BD-49CA-8E27-8977B15713BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg220-50p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52346644-43C4-45C5-905E-6A3F95806FF4",
"versionEndExcluding": "1.2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg220-50p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "808746E3-4A3D-44F3-8510-52D699F7D3C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de Cisco Small Business 220 Series Smart Switches podr\u00edan permitir a un atacante hacer lo siguiente: Secuestrar una sesi\u00f3n de usuario, Ejecutar comandos arbitrarios como usuario root en el sistema operativo subyacente, Conducir un ataque de tipo cross-site scripting (XSS), Conducir un ataque de inyecci\u00f3n HTML. Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
}
],
"id": "CVE-2021-1541",
"lastModified": "2024-11-21T05:44:34.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-16T18:15:08.347",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…