CVE-2021-1571 - OpenCVE

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Sf220-24 Sf220-24 Firmware Sf220-24p Sf220-24p Firmware Sf220-48 Sf220-48 Firmware Sf220-48p Sf220-48p Firmware Sg220-26 Sg220-26 Firmware Sg220-26p Sg220-26p Firmware Sg220-28mp Sg220-28mp Firmware Sg220-50 Sg220-50 Firmware Sg220-50p Sg220-50p Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:sf220-24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:sg220-26p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-26p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:sg220-28mp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-28mp:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:sg220-50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:sg220-50p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:sg220-50p:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-06-16T17:45:12.098683Z

Updated: 2024-09-17T03:37:48.502Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1571

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-16T18:15:09.450

Modified: 2023-11-07T03:28:39.760

Link: CVE-2021-1571

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object