CVE-2021-1571

Published Jun 16, 2021

Last updated a year ago

CVSS medium 6.1

Overview

Description: Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79
ykramarz@cisco.com: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sf220-24_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "592CAF99-2CD8-46F2-8715-9930F22A4DE8",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sf220-24:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7CBD8429-E036-4934-AF6A-3B5095F87ADF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "513E4F52-6493-4A92-90CA-8A92CC9ECA8C",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02258A44-A9BA-471B-AEEC-BDCBD44D6BD0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE41D686-C6AB-46E5-899C-523BC9E216C7",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AC0EB976-563C-41B9-9F3F-2584721EDAA7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CAA3662-6E4A-4842-A667-31634AF59437",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AAA7BE42-9570-4550-991A-4B6821D8F723"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02042FA3-B98E-4BED-BB2F-B50E010D9EFC",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "69CE90A1-9914-457B-9E23-E63765275D62"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sg220-26p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D704F371-A2A4-417B-825E-E083AC8EBC89",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sg220-26p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F70FBA10-934C-45F6-A01D-4BAD5F421C96"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sg220-28mp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "458DC6B7-781D-4AA9-90D1-773C7DCFBE59",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sg220-28mp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "67CDEE3C-5A58-45A4-B092-07CA9418131F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sg220-50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1478637-D8E5-477C-B487-C3D0AD623B90",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sg220-50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E024644E-83BD-49CA-8E27-8977B15713BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:sg220-50p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52346644-43C4-45C5-905E-6A3F95806FF4",
            "versionEndExcluding": "1.2.0.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:sg220-50p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "808746E3-4A3D-44F3-8510-52D699F7D3C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References