8.1
CVE-2021-34739
- EPSS 0.5%
- Veröffentlicht 04.11.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:11:05
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Sf250-24 Firmware Version <= 2.5
Cisco ≫ Sf250-24p Firmware Version <= 2.5
Cisco ≫ Sf250-48 Firmware Version <= 2.5
Cisco ≫ Sf250-48hp Firmware Version <= 2.5
Cisco ≫ Sf250-08 Firmware Version <= 2.5
Cisco ≫ Sf250-08hp Firmware Version <= 2.5
Cisco ≫ Sf250-10p Firmware Version <= 2.5
Cisco ≫ Sf250-18 Firmware Version <= 2.5
Cisco ≫ Sf250-26 Firmware Version <= 2.5
Cisco ≫ Sf250-26hp Firmware Version <= 2.5
Cisco ≫ Sf250-26p Firmware Version <= 2.5
Cisco ≫ Sf250-50 Firmware Version <= 2.5
Cisco ≫ Sf250-50hp Firmware Version <= 2.5
Cisco ≫ Sf250-50p Firmware Version <= 2.5
Cisco ≫ Sf250x-24 Firmware Version <= 2.5
Cisco ≫ Sf250x-24p Firmware Version <= 2.5
Cisco ≫ Sf250x-48 Firmware Version <= 2.5
Cisco ≫ Sf250x-48p Firmware Version <= 2.5
Cisco ≫ Sf350-08 Firmware Version <= 2.5
Cisco ≫ Sf350-24 Firmware Version <= 2.5
Cisco ≫ Sf350-24mp Firmware Version <= 2.5
Cisco ≫ Sf350-24p Firmware Version <= 2.5
Cisco ≫ Sf350-48 Firmware Version <= 2.5
Cisco ≫ Sf350-8mp Firmware Version <= 2.5
Cisco ≫ Sf350-48p Firmware Version <= 2.5
Cisco ≫ Sf352-08 Firmware Version <= 2.5
Cisco ≫ Sf352-08mp Firmware Version <= 2.5
Cisco ≫ Sf352-08p Firmware Version <= 2.5
Cisco ≫ Sf350-8pd Firmware Version <= 2.5
Cisco ≫ Sf350-10 Firmware Version <= 2.5
Cisco ≫ Sf350-10mp Firmware Version <= 2.5
Cisco ≫ Sf350-10p Firmware Version <= 2.5
Cisco ≫ Sf350-10sfp Firmware Version <= 2.5
Cisco ≫ Sf350-20 Firmware Version <= 2.5
Cisco ≫ Sf350-28 Firmware Version <= 2.5
Cisco ≫ Sf350-28mp Firmware Version <= 2.5
Cisco ≫ Sf350-28p Firmware Version <= 2.5
Cisco ≫ Sf350-28sfp Firmware Version <= 2.5
Cisco ≫ Sf350-52 Firmware Version <= 2.5
Cisco ≫ Sf350-52mp Firmware Version <= 2.5
Cisco ≫ Sf350-52p Firmware Version <= 2.5
Cisco ≫ Sf355-10p Firmware Version <= 2.5
Cisco ≫ Sg350x-8pmd Firmware Version <= 2.5
Cisco ≫ Sg350x-12pmv Firmware Version <= 2.5
Cisco ≫ Sg350x-24 Firmware Version <= 2.5
Cisco ≫ Sg350x-24p Firmware Version <= 2.5
Cisco ≫ Sg350x-24mp Firmware Version <= 2.5
Cisco ≫ Sg350x-24pd Firmware Version <= 2.5
Cisco ≫ Sg350x-24pv Firmware Version <= 2.5
Cisco ≫ Sg350x-48 Firmware Version <= 2.5
Cisco ≫ Sg350x-48p Firmware Version <= 2.5
Cisco ≫ Sg350x-48mp Firmware Version <= 2.5
Cisco ≫ Sg350x-48pv Firmware Version <= 2.5
Cisco ≫ Sg350xg-2f10 Firmware Version <= 2.5
Cisco ≫ Sg350xg-24f Firmware Version <= 2.5
Cisco ≫ Sg350xg-24t Firmware Version <= 2.5
Cisco ≫ Sg350xg-48t Firmware Version <= 2.5
Cisco ≫ Sx350x-08 Firmware Version <= 2.5
Cisco ≫ Sx350x-12 Firmware Version <= 2.5
Cisco ≫ Sx350x-24f Firmware Version <= 2.5
Cisco ≫ Sx350x-24 Firmware Version <= 2.5
Cisco ≫ Sx350x-52 Firmware Version <= 2.5
Cisco ≫ Sf550x-24 Firmware Version <= 2.5
Cisco ≫ Sf550x-24p Firmware Version <= 2.5
Cisco ≫ Sf550x-24mp Firmware Version <= 2.5
Cisco ≫ Sf550x-48 Firmware Version <= 2.5
Cisco ≫ Sf550x-48p Firmware Version <= 2.5
Cisco ≫ Sf550x-48mp Firmware Version <= 2.5
Cisco ≫ Sg550x-24 Firmware Version <= 2.5
Cisco ≫ Sg550x-24p Firmware Version <= 2.5
Cisco ≫ Sg550x-24mp Firmware Version <= 2.5
Cisco ≫ Sg550x-24mpp Firmware Version <= 2.5
Cisco ≫ Sg550x-48 Firmware Version <= 2.5
Cisco ≫ Sg550x-48p Firmware Version <= 2.5
Cisco ≫ Sg550x-48mp Firmware Version <= 2.5
Cisco ≫ Sg550xg-8f8t Firmware Version <= 2.5
Cisco ≫ Sg550xg-24f Firmware Version <= 2.5
Cisco ≫ Sg550xg-24t Firmware Version <= 2.5
Cisco ≫ Sg550xg-48t Firmware Version <= 2.5
Cisco ≫ Sx550x-12f Firmware Version <= 2.5
Cisco ≫ Sx550x-16ft Firmware Version <= 2.5
Cisco ≫ Sx550x-24ft Firmware Version <= 2.5
Cisco ≫ Sx550x-24f Firmware Version <= 2.5
Cisco ≫ Sx550x-24 Firmware Version <= 2.5
Cisco ≫ Sx550x-52 Firmware Version <= 2.5
Cisco ≫ Cbs250-8t-d Firmware Version <= 3.1
Cisco ≫ Cbs250-8pp-d Firmware Version <= 3.1
Cisco ≫ Cbs250-8t-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs250-8pp-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs250-8p-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs250-8fp-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs250-16t-2g Firmware Version <= 3.1
Cisco ≫ Cbs250-16p-2g Firmware Version <= 3.1
Cisco ≫ Cbs250-24t-4g Firmware Version <= 3.1
Cisco ≫ Cbs250-24pp-4g Firmware Version <= 3.1
Cisco ≫ Cbs250-24p-4g Firmware Version <= 3.1
Cisco ≫ Cbs250-24fp-4g Firmware Version <= 3.1
Cisco ≫ Cbs250-48t-4g Firmware Version <= 3.1
Cisco ≫ Cbs250-48pp-4g Firmware Version <= 3.1
Cisco ≫ Cbs250-48p-4g Firmware Version <= 3.1
Cisco ≫ Cbs250-24t-4x Firmware Version <= 3.1
Cisco ≫ Cbs250-24p-4x Firmware Version <= 3.1
Cisco ≫ Cbs250-24fp-4x Firmware Version <= 3.1
Cisco ≫ Cbs250-48t-4x Firmware Version <= 3.1
Cisco ≫ Cbs250-48p-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-8t-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-8p-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-8p-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-8fp-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-8fp-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-8s-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-16t-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-16t-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-16p-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-16p-e-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-16fp-2g Firmware Version <= 3.1
Cisco ≫ Cbs350-24t-4g Firmware Version <= 3.1
Cisco ≫ Cbs350-24p-4g Firmware Version <= 3.1
Cisco ≫ Cbs350-24fp-4g Firmware Version <= 3.1
Cisco ≫ Cbs350-24s-4g Firmware Version <= 3.1
Cisco ≫ Cbs350-48t-4g Firmware Version <= 3.1
Cisco ≫ Cbs350-48p-4g Firmware Version <= 3.1
Cisco ≫ Cbs350-48fp-4g Firmware Version <= 3.1
Cisco ≫ Cbs350-24t-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-24p-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-24fp-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-48t-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-48p-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-48fp-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-8mgp-2x Firmware Version <= 3.1
Cisco ≫ Cbs350-8mp-2x Firmware Version <= 3.1
Cisco ≫ Cbs350-24mgp-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-12np-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-24ngp-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-48ngp-4x Firmware Version <= 3.1
Cisco ≫ Cbs350-8xt Firmware Version <= 3.1
Cisco ≫ Cbs350-12xs Firmware Version <= 3.1
Cisco ≫ Cbs350-12xt Firmware Version <= 3.1
Cisco ≫ Cbs350-16xts Firmware Version <= 3.1
Cisco ≫ Cbs350-24xs Firmware Version <= 3.1
Cisco ≫ Cbs350-24xt Firmware Version <= 3.1
Cisco ≫ Cbs350-24xts Firmware Version <= 3.1
Cisco ≫ Cbs350-48xt-4x Firmware Version <= 3.1
Cisco ≫ Esw2-350g-52 Firmware Version <= 2.5
Cisco ≫ Esw2-350g-52dc Firmware Version <= 2.5
Cisco ≫ Esw2-550x-48 Firmware Version <= 2.5
Cisco ≫ Esw2-550x-48dc Firmware Version <= 2.5
Cisco ≫ Sf200-24 Firmware Version-
Cisco ≫ Sf200-24p Firmware Version-
Cisco ≫ Sf200-24fp Firmware Version-
Cisco ≫ Sf200-48 Firmware Version-
Cisco ≫ Sf200-48p Firmware Version-
Cisco ≫ Sg200-08 Firmware Version-
Cisco ≫ Sg200-08p Firmware Version-
Cisco ≫ Sg200-10fp Firmware Version-
Cisco ≫ Sg200-18 Firmware Version-
Cisco ≫ Sg200-26 Firmware Version-
Cisco ≫ Sg200-26p Firmware Version-
Cisco ≫ Sg200-26fp Firmware Version-
Cisco ≫ Sg200-50 Firmware Version-
Cisco ≫ Sg200-50p Firmware Version-
Cisco ≫ Sg200-50fp Firmware Version-
Cisco ≫ Sf300-08 Firmware Version1.4.11.02
Cisco ≫ Sf302-08 Firmware Version1.4.11.02
Cisco ≫ Sf302-08p Firmware Version1.4.11.02
Cisco ≫ Sf302-08pp Firmware Version1.4.11.02
Cisco ≫ Sf302-08mp Firmware Version1.4.11.02
Cisco ≫ Sf302-08mpp Firmware Version1.4.11.02
Cisco ≫ Sf300-24 Firmware Version1.4.11.02
Cisco ≫ Sf300-24p Firmware Version1.4.11.02
Cisco ≫ Sf300-24pp Firmware Version1.4.11.02
Cisco ≫ Sf300-24mp Firmware Version1.4.11.02
Cisco ≫ Sf300-48 Firmware Version1.4.11.02
Cisco ≫ Sf300-48p Firmware Version1.4.11.02
Cisco ≫ Sf300-48pp Firmware Version1.4.11.02
Cisco ≫ Sg300-10 Firmware Version1.4.11.02
Cisco ≫ Sg300-10sfp Firmware Version1.4.11.02
Cisco ≫ Sg300-10p Firmware Version1.4.11.02
Cisco ≫ Sg300-10pp Firmware Version1.4.11.02
Cisco ≫ Sg300-10mp Firmware Version1.4.11.02
Cisco ≫ Sg300-10mpp Firmware Version1.4.11.02
Cisco ≫ Sg300-20 Firmware Version1.4.11.02
Cisco ≫ Sg300-28 Firmware Version1.4.11.02
Cisco ≫ Sg300-28p Firmware Version1.4.11.02
Cisco ≫ Sg300-28pp Firmware Version1.4.11.02
Cisco ≫ Sg300-28mp Firmware Version1.4.11.02
Cisco ≫ Sg300-52 Firmware Version1.4.11.02
Cisco ≫ Sg300-52p Firmware Version1.4.11.02
Cisco ≫ Sg300-52mp Firmware Version1.4.11.02
Cisco ≫ Sg300-28sfp Firmware Version1.4.11.02
Cisco ≫ Sf500-24 Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sf500-24p Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sf500-24mp Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sf500-48 Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sf500-48p Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sf500-48mp Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500-28 Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500-28p Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500-28mpp Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500-52 Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500-52p Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500-52mp Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500x-24 Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500x-24p Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500x-24mpp Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500x-48 Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500x-48p Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500x-48mp Firmware Version >= 2.5.5.0 < 2.5.8.12
Cisco ≫ Sg500xg-8f8t Firmware Version >= 2.5.5.0 < 2.5.8.12
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.65 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| psirt@cisco.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."