VDB
CVE-2021-40112
CVE-2021-40112
PUBLISHED
CVSS 10 CRITICAL
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
EPSS 1.60% · 82.1th percentile
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
1.60%
82.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | catalyst_pon_switch_cgp-ont-4pvc_firmware | 0 |
| cisco | catalyst_pon_switch_cgp-ont-4pv_firmware | 0 |
| cisco | catalyst_pon_switch_cgp-ont-4tvcw_firmware | 0 |
| Cisco | Cisco Catalyst PON Series | * |
| cisco | catalyst_pon_switch_cgp-ont-4p_firmware | 0 |
| cisco | catalyst_pon_switch_cgp-ont-1p_firmware | 0 |
Exploit Intelligence
Timeline
- Nov 4, 2021 CVE Published
- Nov 5, 2021 EPSS Score
- Dec 31, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 24, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 21, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 6, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 26, 2023 EPSS Score
- Mar 23, 2023 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-40112 advisory