CVE-2021-1571 - OpenCVE

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Sf220-48p Firmware Sf220-48p Sg220-50p Firmware Sg220-28mp Firmware Sf220-24 Sf220-24p Firmware Sf220-24p Sg220-26 Sg220-28mp Sg220-50 Firmware Sg220-26p Sf220-24 Firmware Sf220-48 Sg220-26 Firmware Sf220-48 Firmware Sg220-26p Firmware Sg220-50 Sg220-50p

Configuration 1 [-]

AND

cpe:2.3:o:cisco:sf220-24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:sg220-26p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:sg220-28mp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-28mp:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:sg220-50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:sg220-50p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50p:-:*:*:*:*:*:*:*

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2021-06-16T00:00:00

Updated: 2021-06-16T17:45:12

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1571

JSON object: View

NVD Information

Status : Modified

Published: 2021-06-16T18:15:09.450

Modified: 2023-11-07T03:28:39.760

Link: CVE-2021-1571

JSON object: View

Redhat Information

No data.

CWE