CVE-2021-34739

Published: 04/11/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote malicious user to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the malicious user to access the web-based management interface with administrator privileges.

Vulnerable Product

cisco sf250-24_firmware

cisco sf250-24p_firmware

cisco sf250-48_firmware

cisco sf250-48hp_firmware

cisco sf250-08_firmware

cisco sf250-08hp_firmware

cisco sf250-10p_firmware

cisco sf250-18_firmware

cisco sf250-26_firmware

cisco sf250-26hp_firmware

cisco sf250-26p_firmware

cisco sf250-50_firmware

cisco sf250-50hp_firmware

cisco sf250-50p_firmware

cisco sf250x-24_firmware

cisco sf250x-24p_firmware

cisco sf250x-48_firmware

cisco sf250x-48p_firmware

cisco sf350-08_firmware

cisco sf350-24_firmware

cisco sf350-24mp_firmware

cisco sf350-24p_firmware

cisco sf350-48_firmware

cisco sf350-8mp_firmware

cisco sf350-48p_firmware

cisco sf352-08_firmware

cisco sf352-08mp_firmware

cisco sf352-08p_firmware

cisco sf350-8pd_firmware

cisco sf350-10_firmware

cisco sf350-10mp_firmware

cisco sf350-10p_firmware

cisco sf350-10sfp_firmware

cisco sf350-20_firmware

cisco sf350-28_firmware

cisco sf350-28mp_firmware

cisco sf350-28p_firmware

cisco sf350-28sfp_firmware

cisco sf350-52_firmware

cisco sf350-52mp_firmware

cisco sf350-52p_firmware

cisco sf355-10p_firmware

cisco sg350x-8pmd_firmware

cisco sg350x-12pmv_firmware

cisco sg350x-24_firmware

cisco sg350x-24p_firmware

cisco sg350x-24mp_firmware

cisco sg350x-24pd_firmware

cisco sg350x-24pv_firmware

cisco sg350x-48_firmware

cisco sg350x-48p_firmware

cisco sg350x-48mp_firmware

cisco sg350x-48pv_firmware

cisco sg350xg-2f10_firmware

cisco sg350xg-24f_firmware

cisco sg350xg-24t_firmware

cisco sg350xg-48t_firmware

cisco sx350x-08_firmware

cisco sx350x-12_firmware

cisco sx350x-24f_firmware

cisco sx350x-24_firmware

cisco sx350x-52_firmware

cisco sf550x-24_firmware

cisco sf550x-24p_firmware

cisco sf550x-24mp_firmware

cisco sf550x-48_firmware

cisco sf550x-48p_firmware

cisco sf550x-48mp_firmware

cisco sg550x-24_firmware

cisco sg550x-24p_firmware

cisco sg550x-24mp_firmware

cisco sg550x-24mpp_firmware

cisco sg550x-48_firmware

cisco sg550x-48p_firmware

cisco sg550x-48mp_firmware

cisco sg550xg-8f8t_firmware

cisco sg550xg-24f_firmware

cisco sg550xg-24t_firmware

cisco sg550xg-48t_firmware

cisco sx550x-12f_firmware

cisco sx550x-16ft_firmware

cisco sx550x-24ft_firmware

cisco sx550x-24f_firmware

cisco sx550x-24_firmware

cisco sx550x-52_firmware

cisco cbs250-8t-d_firmware

cisco cbs250-8pp-d_firmware

cisco cbs250-8t-e-2g_firmware

cisco cbs250-8pp-e-2g_firmware

cisco cbs250-8p-e-2g_firmware

cisco cbs250-8fp-e-2g_firmware

cisco cbs250-16t-2g_firmware

cisco cbs250-16p-2g_firmware

cisco cbs250-24t-4g_firmware

cisco cbs250-24pp-4g_firmware

cisco cbs250-24p-4g_firmware

cisco cbs250-24fp-4g_firmware

cisco cbs250-48t-4g_firmware

cisco cbs250-48pp-4g_firmware

cisco cbs250-48p-4g_firmware

cisco cbs250-24t-4x_firmware

cisco cbs250-24p-4x_firmware

cisco cbs250-24fp-4x_firmware

cisco cbs250-48t-4x_firmware

cisco cbs250-48p-4x_firmware

cisco cbs350-8t-e-2g_firmware

cisco cbs350-8p-2g_firmware

cisco cbs350-8p-e-2g_firmware

cisco cbs350-8fp-2g_firmware

cisco cbs350-8fp-e-2g_firmware

cisco cbs350-8s-e-2g_firmware

cisco cbs350-16t-2g_firmware

cisco cbs350-16t-e-2g_firmware

cisco cbs350-16p-2g_firmware

cisco cbs350-16p-e-2g_firmware

cisco cbs350-16fp-2g_firmware

cisco cbs350-24t-4g_firmware

cisco cbs350-24p-4g_firmware

cisco cbs350-24fp-4g_firmware

cisco cbs350-24s-4g_firmware

cisco cbs350-48t-4g_firmware

cisco cbs350-48p-4g_firmware

cisco cbs350-48fp-4g_firmware

cisco cbs350-24t-4x_firmware

cisco cbs350-24p-4x_firmware

cisco cbs350-24fp-4x_firmware

cisco cbs350-48t-4x_firmware

cisco cbs350-48p-4x_firmware

cisco cbs350-48fp-4x_firmware

cisco cbs350-8mgp-2x_firmware

cisco cbs350-8mp-2x_firmware

cisco cbs350-24mgp-4x_firmware

cisco cbs350-12np-4x_firmware

cisco cbs350-24ngp-4x_firmware

cisco cbs350-48ngp-4x_firmware

cisco cbs350-8xt_firmware

cisco cbs350-12xs_firmware

cisco cbs350-12xt_firmware

cisco cbs350-16xts_firmware

cisco cbs350-24xs_firmware

cisco cbs350-24xt_firmware

cisco cbs350-24xts_firmware

cisco cbs350-48xt-4x_firmware

cisco esw2-350g-52_firmware

cisco esw2-350g-52dc_firmware

cisco esw2-550x-48_firmware

cisco esw2-550x-48dc_firmware

cisco sf200-24_firmware -

cisco sf200-24p_firmware -

cisco sf200-24fp_firmware -

cisco sf200-48_firmware -

cisco sf200-48p_firmware -

cisco sg200-08_firmware -

cisco sg200-08p_firmware -

cisco sg200-10fp_firmware -

cisco sg200-18_firmware -

cisco sg200-26_firmware -

cisco sg200-26p_firmware -

cisco sg200-26fp_firmware -

cisco sg200-50_firmware -

cisco sg200-50p_firmware -

cisco sg200-50fp_firmware -

cisco sf300-08_firmware 1.4.11.02

cisco sf302-08_firmware 1.4.11.02

cisco sf302-08p_firmware 1.4.11.02

cisco sf302-08pp_firmware 1.4.11.02

cisco sf302-08mp_firmware 1.4.11.02

cisco sf302-08mpp_firmware 1.4.11.02

cisco sf300-24_firmware 1.4.11.02

cisco sf300-24p_firmware 1.4.11.02

cisco sf300-24pp_firmware 1.4.11.02

cisco sf300-24mp_firmware 1.4.11.02

cisco sf300-48_firmware 1.4.11.02

cisco sf300-48p_firmware 1.4.11.02

cisco sf300-48pp_firmware 1.4.11.02

cisco sg300-10_firmware 1.4.11.02

cisco sg300-10sfp_firmware 1.4.11.02

cisco sg300-10p_firmware 1.4.11.02

cisco sg300-10pp_firmware 1.4.11.02

cisco sg300-10mp_firmware 1.4.11.02

cisco sg300-10mpp_firmware 1.4.11.02

cisco sg300-20_firmware 1.4.11.02

cisco sg300-28_firmware 1.4.11.02

cisco sg300-28p_firmware 1.4.11.02

cisco sg300-28pp_firmware 1.4.11.02

cisco sg300-28mp_firmware 1.4.11.02

cisco sg300-52_firmware 1.4.11.02

cisco sg300-52p_firmware 1.4.11.02

cisco sg300-52mp_firmware 1.4.11.02

cisco sg300-28sfp_firmware 1.4.11.02

cisco sf500-24_firmware

cisco sf500-24p_firmware

cisco sf500-24mp_firmware

cisco sf500-48_firmware

cisco sf500-48p_firmware

cisco sf500-48mp_firmware

cisco sg500-28_firmware

cisco sg500-28p_firmware

cisco sg500-28mpp_firmware

cisco sg500-52_firmware

cisco sg500-52p_firmware

cisco sg500-52mp_firmware

cisco sg500x-24_firmware

cisco sg500x-24p_firmware

cisco sg500x-24mpp_firmware

cisco sg500x-48_firmware

cisco sg500x-48p_firmware

cisco sg500x-48mp_firmware

cisco sg500xg-8f8t_firmware

Vendor Advisories

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session cred ...