Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2021-34739

Published: 04/11/2021 Updated: 15/11/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Sf250-24 Firmware

Vulnerability Summary

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote malicious user to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the malicious user to access the web-based management interface with administrator privileges.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco sf250-24_firmware

cisco sf250-24p_firmware

cisco sf250-48_firmware

cisco sf250-48hp_firmware

cisco sf250-08_firmware

cisco sf250-08hp_firmware

cisco sf250-10p_firmware

cisco sf250-18_firmware

cisco sf250-26_firmware

cisco sf250-26hp_firmware

cisco sf250-26p_firmware

cisco sf250-50_firmware

cisco sf250-50hp_firmware

cisco sf250-50p_firmware

cisco sf250x-24_firmware

cisco sf250x-24p_firmware

cisco sf250x-48_firmware

cisco sf250x-48p_firmware

cisco sf350-08_firmware

cisco sf350-24_firmware

cisco sf350-24mp_firmware

cisco sf350-24p_firmware

cisco sf350-48_firmware

cisco sf350-8mp_firmware

cisco sf350-48p_firmware

cisco sf352-08_firmware

cisco sf352-08mp_firmware

cisco sf352-08p_firmware

cisco sf350-8pd_firmware

cisco sf350-10_firmware

cisco sf350-10mp_firmware

cisco sf350-10p_firmware

cisco sf350-10sfp_firmware

cisco sf350-20_firmware

cisco sf350-28_firmware

cisco sf350-28mp_firmware

cisco sf350-28p_firmware

cisco sf350-28sfp_firmware

cisco sf350-52_firmware

cisco sf350-52mp_firmware

cisco sf350-52p_firmware

cisco sf355-10p_firmware

cisco sg350x-8pmd_firmware

cisco sg350x-12pmv_firmware

cisco sg350x-24_firmware

cisco sg350x-24p_firmware

cisco sg350x-24mp_firmware

cisco sg350x-24pd_firmware

cisco sg350x-24pv_firmware

cisco sg350x-48_firmware

cisco sg350x-48p_firmware

cisco sg350x-48mp_firmware

cisco sg350x-48pv_firmware

cisco sg350xg-2f10_firmware

cisco sg350xg-24f_firmware

cisco sg350xg-24t_firmware

cisco sg350xg-48t_firmware

cisco sx350x-08_firmware

cisco sx350x-12_firmware

cisco sx350x-24f_firmware

cisco sx350x-24_firmware

cisco sx350x-52_firmware

cisco sf550x-24_firmware

cisco sf550x-24p_firmware

cisco sf550x-24mp_firmware

cisco sf550x-48_firmware

cisco sf550x-48p_firmware

cisco sf550x-48mp_firmware

cisco sg550x-24_firmware

cisco sg550x-24p_firmware

cisco sg550x-24mp_firmware

cisco sg550x-24mpp_firmware

cisco sg550x-48_firmware

cisco sg550x-48p_firmware

cisco sg550x-48mp_firmware

cisco sg550xg-8f8t_firmware

cisco sg550xg-24f_firmware

cisco sg550xg-24t_firmware

cisco sg550xg-48t_firmware

cisco sx550x-12f_firmware

cisco sx550x-16ft_firmware

cisco sx550x-24ft_firmware

cisco sx550x-24f_firmware

cisco sx550x-24_firmware

cisco sx550x-52_firmware

cisco cbs250-8t-d_firmware

cisco cbs250-8pp-d_firmware

cisco cbs250-8t-e-2g_firmware

cisco cbs250-8pp-e-2g_firmware

cisco cbs250-8p-e-2g_firmware

cisco cbs250-8fp-e-2g_firmware

cisco cbs250-16t-2g_firmware

cisco cbs250-16p-2g_firmware

cisco cbs250-24t-4g_firmware

cisco cbs250-24pp-4g_firmware

cisco cbs250-24p-4g_firmware

cisco cbs250-24fp-4g_firmware

cisco cbs250-48t-4g_firmware

cisco cbs250-48pp-4g_firmware

cisco cbs250-48p-4g_firmware

cisco cbs250-24t-4x_firmware

cisco cbs250-24p-4x_firmware

cisco cbs250-24fp-4x_firmware

cisco cbs250-48t-4x_firmware

cisco cbs250-48p-4x_firmware

cisco cbs350-8t-e-2g_firmware

cisco cbs350-8p-2g_firmware

cisco cbs350-8p-e-2g_firmware

cisco cbs350-8fp-2g_firmware

cisco cbs350-8fp-e-2g_firmware

cisco cbs350-8s-e-2g_firmware

cisco cbs350-16t-2g_firmware

cisco cbs350-16t-e-2g_firmware

cisco cbs350-16p-2g_firmware

cisco cbs350-16p-e-2g_firmware

cisco cbs350-16fp-2g_firmware

cisco cbs350-24t-4g_firmware

cisco cbs350-24p-4g_firmware

cisco cbs350-24fp-4g_firmware

cisco cbs350-24s-4g_firmware

cisco cbs350-48t-4g_firmware

cisco cbs350-48p-4g_firmware

cisco cbs350-48fp-4g_firmware

cisco cbs350-24t-4x_firmware

cisco cbs350-24p-4x_firmware

cisco cbs350-24fp-4x_firmware

cisco cbs350-48t-4x_firmware

cisco cbs350-48p-4x_firmware

cisco cbs350-48fp-4x_firmware

cisco cbs350-8mgp-2x_firmware

cisco cbs350-8mp-2x_firmware

cisco cbs350-24mgp-4x_firmware

cisco cbs350-12np-4x_firmware

cisco cbs350-24ngp-4x_firmware

cisco cbs350-48ngp-4x_firmware

cisco cbs350-8xt_firmware

cisco cbs350-12xs_firmware

cisco cbs350-12xt_firmware

cisco cbs350-16xts_firmware

cisco cbs350-24xs_firmware

cisco cbs350-24xt_firmware

cisco cbs350-24xts_firmware

cisco cbs350-48xt-4x_firmware

cisco esw2-350g-52_firmware

cisco esw2-350g-52dc_firmware

cisco esw2-550x-48_firmware

cisco esw2-550x-48dc_firmware

cisco sf200-24_firmware -

cisco sf200-24p_firmware -

cisco sf200-24fp_firmware -

cisco sf200-48_firmware -

cisco sf200-48p_firmware -

cisco sg200-08_firmware -

cisco sg200-08p_firmware -

cisco sg200-10fp_firmware -

cisco sg200-18_firmware -

cisco sg200-26_firmware -

cisco sg200-26p_firmware -

cisco sg200-26fp_firmware -

cisco sg200-50_firmware -

cisco sg200-50p_firmware -

cisco sg200-50fp_firmware -

cisco sf300-08_firmware 1.4.11.02

cisco sf302-08_firmware 1.4.11.02

cisco sf302-08p_firmware 1.4.11.02

cisco sf302-08pp_firmware 1.4.11.02

cisco sf302-08mp_firmware 1.4.11.02

cisco sf302-08mpp_firmware 1.4.11.02

cisco sf300-24_firmware 1.4.11.02

cisco sf300-24p_firmware 1.4.11.02

cisco sf300-24pp_firmware 1.4.11.02

cisco sf300-24mp_firmware 1.4.11.02

cisco sf300-48_firmware 1.4.11.02

cisco sf300-48p_firmware 1.4.11.02

cisco sf300-48pp_firmware 1.4.11.02

cisco sg300-10_firmware 1.4.11.02

cisco sg300-10sfp_firmware 1.4.11.02

cisco sg300-10p_firmware 1.4.11.02

cisco sg300-10pp_firmware 1.4.11.02

cisco sg300-10mp_firmware 1.4.11.02

cisco sg300-10mpp_firmware 1.4.11.02

cisco sg300-20_firmware 1.4.11.02

cisco sg300-28_firmware 1.4.11.02

cisco sg300-28p_firmware 1.4.11.02

cisco sg300-28pp_firmware 1.4.11.02

cisco sg300-28mp_firmware 1.4.11.02

cisco sg300-52_firmware 1.4.11.02

cisco sg300-52p_firmware 1.4.11.02

cisco sg300-52mp_firmware 1.4.11.02

cisco sg300-28sfp_firmware 1.4.11.02

cisco sf500-24_firmware

cisco sf500-24p_firmware

cisco sf500-24mp_firmware

cisco sf500-48_firmware

cisco sf500-48p_firmware

cisco sf500-48mp_firmware

cisco sg500-28_firmware

cisco sg500-28p_firmware

cisco sg500-28mpp_firmware

cisco sg500-52_firmware

cisco sg500-52p_firmware

cisco sg500-52mp_firmware

cisco sg500x-24_firmware

cisco sg500x-24p_firmware

cisco sg500x-24mpp_firmware

cisco sg500x-48_firmware

cisco sg500x-48p_firmware

cisco sg500x-48mp_firmware

cisco sg500xg-8f8t_firmware

Vendor Advisories

Cisco: Cisco Small Business Series Switches Session Credentials Replay Vulnerability
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device This vulnerability is due to insufficient expiration of session cred ...

References

CWE-613https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionSSTICVE-2023-28846CVE-2022-47986cache poisoningCVE-2023-23397CVE-2023-28755CVE-2023-25040CVE-2023-1755
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook