Skip to main content

Sf250 24 Firmware CVE-2021-34739

HIGH
Insufficient Session Expiration (CWE-613)
2021-11-04 psirt@cisco.com
Cisco Authentication Bypass Sf250 24 Firmware Sf250 24P Firmware Sf250 48 Firmware Sf250 48Hp Firmware Sf250 08 Firmware Sf250 08Hp Firmware Sf250 10P Firmware Sf250 18 Firmware Sf250 26 Firmware Sf250 26Hp Firmware Sf250 26P Firmware Sf250 50 Firmware Sf250 50Hp Firmware Sf250 50P Firmware Sf250X 24 Firmware Sf250X 24P Firmware Sf250X 48 Firmware Sf250X 48P Firmware Sf350 08 Firmware Sf350 24 Firmware Sf350 24Mp Firmware Sf350 24P Firmware Sf350 48 Firmware Sf350 8Mp Firmware Sf350 48P Firmware Sf352 08 Firmware Sf352 08Mp Firmware Sf352 08P Firmware Sf350 8Pd Firmware Sf350 10 Firmware Sf350 10Mp Firmware Sf350 10P Firmware Sf350 10Sfp Firmware Sf350 20 Firmware Sf350 28 Firmware Sf350 28Mp Firmware Sf350 28P Firmware Sf350 28Sfp Firmware Sf350 52 Firmware Sf350 52Mp Firmware Sf350 52P Firmware Sf355 10P Firmware Sg350X 8Pmd Firmware Sg350X 12Pmv Firmware Sg350X 24 Firmware Sg350X 24P Firmware Sg350X 24Mp Firmware Sg350X 24Pd Firmware Sg350X 24Pv Firmware Sg350X 48 Firmware Sg350X 48P Firmware Sg350X 48Mp Firmware Sg350X 48Pv Firmware Sg350Xg 2F10 Firmware Sg350Xg 24F Firmware Sg350Xg 24T Firmware Sg350Xg 48T Firmware Sx350X 08 Firmware Sx350X 12 Firmware Sx350X 24F Firmware Sx350X 24 Firmware Sx350X 52 Firmware Sf550X 24 Firmware Sf550X 24P Firmware Sf550X 24Mp Firmware Sf550X 48 Firmware Sf550X 48P Firmware Sf550X 48Mp Firmware Sg550X 24 Firmware Sg550X 24P Firmware Sg550X 24Mp Firmware Sg550X 24Mpp Firmware Sg550X 48 Firmware Sg550X 48P Firmware Sg550X 48Mp Firmware Sg550Xg 8F8T Firmware Sg550Xg 24F Firmware Sg550Xg 24T Firmware Sg550Xg 48T Firmware Sx550X 12F Firmware Sx550X 16Ft Firmware Sx550X 24Ft Firmware Sx550X 24F Firmware Sx550X 24 Firmware Sx550X 52 Firmware Cbs250 8T D Firmware Cbs250 8Pp D Firmware Cbs250 8T E 2G Firmware Cbs250 8Pp E 2G Firmware Cbs250 8P E 2G Firmware Cbs250 8Fp E 2G Firmware Cbs250 16T 2G Firmware Cbs250 16P 2G Firmware Cbs250 24T 4G Firmware Cbs250 24Pp 4G Firmware Cbs250 24P 4G Firmware Cbs250 24Fp 4G Firmware Cbs250 48T 4G Firmware Cbs250 48Pp 4G Firmware Cbs250 48P 4G Firmware Cbs250 24T 4X Firmware Cbs250 24P 4X Firmware Cbs250 24Fp 4X Firmware Cbs250 48T 4X Firmware Cbs250 48P 4X Firmware Cbs350 8T E 2G Firmware Cbs350 8P 2G Firmware Cbs350 8P E 2G Firmware Cbs350 8Fp 2G Firmware Cbs350 8Fp E 2G Firmware Cbs350 8S E 2G Firmware Cbs350 16T 2G Firmware Cbs350 16T E 2G Firmware Cbs350 16P 2G Firmware Cbs350 16P E 2G Firmware Cbs350 16Fp 2G Firmware Cbs350 24T 4G Firmware Cbs350 24P 4G Firmware Cbs350 24Fp 4G Firmware Cbs350 24S 4G Firmware Cbs350 48T 4G Firmware Cbs350 48P 4G Firmware Cbs350 48Fp 4G Firmware Cbs350 24T 4X Firmware Cbs350 24P 4X Firmware Cbs350 24Fp 4X Firmware Cbs350 48T 4X Firmware Cbs350 48P 4X Firmware Cbs350 48Fp 4X Firmware Cbs350 8Mgp 2X Firmware Cbs350 8Mp 2X Firmware Cbs350 24Mgp 4X Firmware Cbs350 12Np 4X Firmware Cbs350 24Ngp 4X Firmware Cbs350 48Ngp 4X Firmware Cbs350 8Xt Firmware Cbs350 12Xs Firmware Cbs350 12Xt Firmware Cbs350 16Xts Firmware Cbs350 24Xs Firmware Cbs350 24Xt Firmware Cbs350 24Xts Firmware Cbs350 48Xt 4X Firmware Esw2 350G 52 Firmware Esw2 350G 52Dc Firmware Esw2 550X 48 Firmware Esw2 550X 48Dc Firmware Sf200 24 Firmware Sf200 24P Firmware Sf200 24Fp Firmware Sf200 48 Firmware Sf200 48P Firmware Sg200 08 Firmware Sg200 08P Firmware Sg200 10Fp Firmware Sg200 18 Firmware Sg200 26 Firmware Sg200 26P Firmware Sg200 26Fp Firmware Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware Sf300 08 Firmware Sf302 08 Firmware Sf302 08P Firmware Sf302 08Pp Firmware Sf302 08Mp Firmware Sf302 08Mpp Firmware Sf300 24 Firmware Sf300 24P Firmware Sf300 24Pp Firmware Sf300 24Mp Firmware Sf300 48 Firmware Sf300 48P Firmware Sf300 48Pp Firmware Sg300 10 Firmware Sg300 10Sfp Firmware Sg300 10P Firmware Sg300 10Pp Firmware Sg300 10Mp Firmware Sg300 10Mpp Firmware Sg300 20 Firmware Sg300 28 Firmware Sg300 28P Firmware Sg300 28Pp Firmware Sg300 28Mp Firmware Sg300 52 Firmware Sg300 52P Firmware Sg300 52Mp Firmware Sg300 28Sfp Firmware Sf500 24 Firmware Sf500 24P Firmware Sf500 24Mp Firmware Sf500 48 Firmware Sf500 48P Firmware Sf500 48Mp Firmware Sg500 28 Firmware Sg500 28P Firmware Sg500 28Mpp Firmware Sg500 52 Firmware Sg500 52P Firmware Sg500 52Mp Firmware Sg500X 24 Firmware Sg500X 24P Firmware Sg500X 24Mpp Firmware Sg500X 48 Firmware Sg500X 48P Firmware Sg500X 48Mp Firmware Sg500Xg 8F8T Firmware
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 04, 2021 - 16:15 nvd
HIGH 8.1

DescriptionNVD

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.

AnalysisAI

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-613. A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges. Affected products include: Cisco Sf250-24 Firmware, Cisco Sf250-24P Firmware, Cisco Sf250-48 Firmware, Cisco Sf250-48Hp Firmware, Cisco Sf250-08 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-15439 CRITICAL POC
9.8 Nov 08

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass

CVE-2023-20189 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20162 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20161 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20160 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20159 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20158 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20157 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20156 CRITICAL POC
9.8 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2023-20024 HIGH POC
7.5 May 18

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an

CVE-2020-3297 CRITICAL
9.8 Jul 02

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches cou

CVE-2019-12636 HIGH
8.8 Oct 16

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an

Share

CVE-2021-34739 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy