5.3

CVE-2021-40127

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition.

Data is provided by the National Vulnerability Database (NVD)
CiscoSf200-24 Firmware Version-
   CiscoSf200-24 Version-
CiscoSf200-24fp Firmware Version-
   CiscoSf200-24fp Version-
CiscoSf200-24p Firmware Version-
   CiscoSf200-24p Version-
CiscoSf200-48 Firmware Version-
   CiscoSf200-48 Version-
CiscoSf200-48p Firmware Version-
   CiscoSf200-48p Version-
CiscoSf200e-24 Firmware Version-
   CiscoSf200e-24 Version-
CiscoSf200e-24p Firmware Version-
   CiscoSf200e-24p Version-
CiscoSf200e-48 Firmware Version-
   CiscoSf200e-48 Version-
CiscoSf200e-48p Firmware Version-
   CiscoSf200e-48p Version-
CiscoSg200-08 Firmware Version-
   CiscoSg200-08 Version-
CiscoSg200-08p Firmware Version-
   CiscoSg200-08p Version-
CiscoSg200-10fp Firmware Version-
   CiscoSg200-10fp Version-
CiscoSg200-18 Firmware Version-
   CiscoSg200-18 Version-
CiscoSg200-26 Firmware Version-
   CiscoSg200-26 Version-
CiscoSg200-26fp Firmware Version-
   CiscoSg200-26fp Version-
CiscoSg200-26p Firmware Version-
   CiscoSg200-26p Version-
CiscoSg200-50 Firmware Version-
   CiscoSg200-50 Version-
CiscoSg200-50fp Firmware Version-
   CiscoSg200-50fp Version-
CiscoSg200-50p Firmware Version-
   CiscoSg200-50p Version-
CiscoSf300-08 Firmware Version1.4.11.02
   CiscoSf300-08 Version-
CiscoSf300-24 Firmware Version1.4.11.02
   CiscoSf300-24 Version-
CiscoSf300-24mp Firmware Version1.4.11.02
   CiscoSf300-24mp Version-
CiscoSf300-24p Firmware Version1.4.11.02
   CiscoSf300-24p Version-
CiscoSf300-24pp Firmware Version1.4.11.02
   CiscoSf300-24pp Version-
CiscoSf300-48 Firmware Version1.4.11.02
   CiscoSf300-48 Version-
CiscoSf300-48p Firmware Version1.4.11.02
   CiscoSf300-48p Version-
CiscoSf300-48pp Firmware Version1.4.11.02
   CiscoSf300-48pp Version-
CiscoSf302-08 Firmware Version1.4.11.02
   CiscoSf302-08 Version-
CiscoSf302-08mp Firmware Version1.4.11.02
   CiscoSf302-08mp Version-
CiscoSf302-08mpp Firmware Version1.4.11.02
   CiscoSf302-08mpp Version-
CiscoSf302-08p Firmware Version1.4.11.02
   CiscoSf302-08p Version-
CiscoSf302-08pp Firmware Version1.4.11.02
   CiscoSf302-08pp Version-
CiscoSg300-10 Firmware Version1.4.11.02
   CiscoSg300-10 Version-
CiscoSg300-10mp Firmware Version1.4.11.02
   CiscoSg300-10mp Version-
CiscoSg300-10mpp Firmware Version1.4.11.02
   CiscoSg300-10mpp Version-
CiscoSg300-10p Firmware Version1.4.11.02
   CiscoSg300-10p Version-
CiscoSg300-10pp Firmware Version1.4.11.02
   CiscoSg300-10pp Version-
CiscoSg300-sfp Firmware Version1.4.11.02
   CiscoSg300-sfp Version-
CiscoSg300-20 Firmware Version1.4.11.02
   CiscoSg300-20 Version-
CiscoSg300-28 Firmware Version1.4.11.02
   CiscoSg300-28 Version-
CiscoSg300-28mp Firmware Version1.4.11.02
   CiscoSg300-28mp Version-
CiscoSg300-28p Firmware Version1.4.11.02
   CiscoSg300-28p Version-
CiscoSg300-28pp Firmware Version1.4.11.02
   CiscoSg300-28pp Version-
CiscoSg300-28sfp Firmware Version1.4.11.02
   CiscoSg300-28sfp Version-
CiscoSg300-52 Firmware Version1.4.11.02
   CiscoSg300-52 Version-
CiscoSg300-52mp Firmware Version1.4.11.02
   CiscoSg300-52mp Version-
CiscoSg300-52p Firmware Version1.4.11.02
   CiscoSg300-52p Version-
CiscoSf500-24 Firmware Version-
   CiscoSf500-24 Version-
CiscoSf500-24mp Firmware Version-
   CiscoSf500-24mp Version-
CiscoSf500-24p Firmware Version-
   CiscoSf500-24p Version-
CiscoSf500-48 Firmware Version-
   CiscoSf500-48 Version-
CiscoSf500-48mp Firmware Version-
   CiscoSf500-48mp Version-
CiscoSf500-48p Firmware Version-
   CiscoSf500-48p Version-
CiscoSg500-28 Firmware Version-
   CiscoSg500-28 Version-
CiscoSg500-28mpp Firmware Version-
   CiscoSg500-28mpp Version-
CiscoSg500-28p Firmware Version-
   CiscoSg500-28p Version-
CiscoSg500-52 Firmware Version-
   CiscoSg500-52 Version-
CiscoSg500-52mp Firmware Version-
   CiscoSg500-52mp Version-
CiscoSg500-52p Firmware Version-
   CiscoSg500-52p Version-
CiscoSg500x-24 Firmware Version-
   CiscoSg500x-24 Version-
CiscoSg500x-24mpp Firmware Version-
   CiscoSg500x-24mpp Version-
CiscoSg500x-24p Firmware Version-
   CiscoSg500x-24p Version-
CiscoSg500x-48 Firmware Version-
   CiscoSg500x-48 Version-
CiscoSg500x-48mpp Firmware Version-
   CiscoSg500x-48mpp Version-
CiscoSg500x-48p Firmware Version-
   CiscoSg500x-48p Version-
CiscoSg500xg-8f8t Firmware Version-
   CiscoSg500xg-8f8t Version-
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.15%  0.366

CVSS metrics
Source           Base Score  Exploit Score  Impact Score  Vector string
nvd@nist.gov     5.3         3.9            1.4           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov     5           10             2.9           AV:N/AC:L/Au:N/C:N/I:N/A:P
psirt@cisco.com  5.3         3.9            1.4           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.