Cisco Small Business Series Switches Session Credentials Replay Vulnerability
CVE-2021-34739

8.1HIGH

Key Information:

Vendor
Cisco
Status
Cisco Small Business Smart And Managed Switches
Vendor
CVE Published:
4 November 2021

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.

Affected Version(s)

Cisco Small Business Smart and Managed Switches

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.