CVE-2021-1571 - Vulnerability Details

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Cisco	Sf220-24 Sf220-24 Firmware Sf220-24p Sf220-24p Firmware Sf220-48 Sf220-48 Firmware Sf220-48p Sf220-48p Firmware Sg220-26 Sg220-26 Firmware Sg220-26p Sg220-26p Firmware Sg220-28mp Sg220-28mp Firmware Sg220-50 Sg220-50 Firmware Sg220-50p Sg220-50p Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:sf220-24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:sg220-26p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:sg220-28mp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-28mp:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:sg220-50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:sg220-50p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50p:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E

History

Thu, 07 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-06-16T17:45:12.098683Z

Updated: 2024-11-07T22:08:40.015Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1571

Vulnrichment

Updated: 2024-08-03T16:18:10.979Z

NVD

Status : Modified

Published: 2021-06-16T18:15:09.450

Modified: 2024-11-21T05:44:38.893

Link: CVE-2021-1571

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object