CVE-2021-1541 - Vulnerability Details

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Cisco	Sf220-24 Sf220-24 Firmware Sf220-24p Sf220-24p Firmware Sf220-48 Sf220-48 Firmware Sf220-48p Sf220-48p Firmware Sg220-26 Sg220-26 Firmware Sg220-26p Sg220-26p Firmware Sg220-28mp Sg220-28mp Firmware Sg220-50 Sg220-50 Firmware Sg220-50p Sg220-50p Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:sf220-24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:sg220-26p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:sg220-28mp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-28mp:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:sg220-50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:sg220-50p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50p:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E

History

Thu, 07 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-06-16T17:35:34.689911Z

Updated: 2024-11-07T22:08:46.480Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1541

Vulnrichment

Updated: 2024-08-03T16:11:17.682Z

NVD

Status : Modified

Published: 2021-06-16T18:15:08.347

Modified: 2024-11-21T05:44:34.950

Link: CVE-2021-1541

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object