CVE-2021-40127
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition.
EPSS 0.15% · 35.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | sf200e-24p_firmware | |
| cisco | sf302-08_firmware | 1.4.11.02 |
| cisco | sf300-24_firmware | 1.4.11.02 |
| cisco | sf300-24pp_firmware | 1.4.11.02 |
| cisco | sf300-24p_firmware | 1.4.11.02 |
| cisco | sf500-48mp_firmware | |
| cisco | sg500-52p_firmware | |
| cisco | sf200-24_firmware | |
| cisco | sg300-10p_firmware | 1.4.11.02 |
| cisco | sg300-28_firmware | 1.4.11.02 |
| cisco | sg200-50_firmware | |
| cisco | sg500x-24_firmware | |
| cisco | sf302-08pp_firmware | 1.4.11.02 |
| cisco | sg300-10mp_firmware | 1.4.11.02 |
| cisco | sg300-sfp_firmware | 1.4.11.02 |
| cisco | sf302-08mp_firmware | 1.4.11.02 |
| cisco | sf200e-48p_firmware | |
| cisco | sf302-08mpp_firmware | 1.4.11.02 |
| cisco | sf500-24_firmware | |
| cisco | sg200-26_firmware |
…and 47 more
Exploit Intelligence
Timeline
- Nov 4, 2021 CVE Published
- Nov 5, 2021 EPSS Score
- Dec 31, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 21, 2022 EPSS Score
- Jun 16, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 6, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 26, 2023 EPSS Score