CVE-2021-34739

CVE-2021-34739 PUBLISHED CVSS 8.1 HIGH

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.

EPSS 0.50% · 66.5th percentile

Risk Scores

CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.50%
66.5th percentile

Affected Products

Vendor  Product                     Versions
cisco   sf250x-48_firmware          0
cisco   sg200-50p_firmware
cisco   cbs350-16p-e-2g_firmware    0
cisco   cbs350-24ngp-4x_firmware    0
cisco   cbs350-16xts_firmware       0
cisco   sf302-08pp_firmware         1.4.11.02
cisco   sg200-10fp_firmware
cisco   sf250-26p_firmware          0
cisco   sg550xg-8f8t_firmware       0
cisco   cbs250-16t-2g_firmware      0
cisco   cbs350-24p-4g_firmware      0
cisco   sf350-8pd_firmware          0
cisco   sx550x-52_firmware          0
cisco   sf352-08mp_firmware         0
cisco   sf250-08_firmware           0
cisco   sf350-28mp_firmware         0
cisco   sf300-24mp_firmware         1.4.11.02
cisco   sf300-48pp_firmware         1.4.11.02
cisco   cbs350-8mgp-2x_firmware     0
cisco   cbs350-8mp-2x_firmware      0

…and 190 more

Timeline

  • Nov 4, 2021 CVE Published
  • Nov 5, 2021 EPSS Score
  • Dec 31, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 21, 2022 EPSS Score
  • Jun 16, 2022 EPSS Score
  • Aug 12, 2022 EPSS Score
  • Oct 6, 2022 EPSS Score
  • Dec 1, 2022 EPSS Score
  • Jan 26, 2023 EPSS Score