CVE-2021-34744

moderate-risk
Published 2021-10-06

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10 Medium
NETWORK / LOW complexity

Affected Products (16)

Business 220-8T-E-2G Firmware
Business 220-8P-E-2G Firmware
Business 220-8Fp-E-2G Firmware
Business 220-16T-2G Firmware
Business 220-16P-2G Firmware
Business 220-24T-4G Firmware
Business 220-24P-4G Firmware
Business 220-24Fp-4G Firmware
Business 220-48T-4G Firmware
Business 220-48P-4G Firmware
Business 220-24T-4X Firmware
Business 220-24P-4X Firmware
Business 220-24Fp-4X Firmware
Business 220-48T-4X Firmware
Business 220-48P-4X Firmware
Business 220-48Fp-4X Firmware

Affected Vendors

Cisco

References (2)

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...
39
/ 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate