Sf220 24 Firmware
CVE-2021-1571
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
AnalysisAI
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. Affected products include: Cisco Sf220-24 Firmware, Cisco Sf220-24P Firmware, Cisco Sf220-48 Firmware, Cisco Sf220-48P Firmware, Cisco Sg220-26 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Sf220 24 Firmware
View allMultiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could a
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could a
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could a
Same weakness CWE-287 – Improper Authentication
View allShare
External POC / Exploit Code
Leaving vuln.today