Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2021-34739

Published: 04/11/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote malicious user to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the malicious user to access the web-based management interface with administrator privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco sf250-24 firmware

cisco sf250-24p firmware

cisco sf250-48 firmware

cisco sf250-48hp firmware

cisco sf250-08 firmware

cisco sf250-08hp firmware

cisco sf250-10p firmware

cisco sf250-18 firmware

cisco sf250-26 firmware

cisco sf250-26hp firmware

cisco sf250-26p firmware

cisco sf250-50 firmware

cisco sf250-50hp firmware

cisco sf250-50p firmware

cisco sf250x-24 firmware

cisco sf250x-24p firmware

cisco sf250x-48 firmware

cisco sf250x-48p firmware

cisco sf350-08 firmware

cisco sf350-24 firmware

cisco sf350-24mp firmware

cisco sf350-24p firmware

cisco sf350-48 firmware

cisco sf350-8mp firmware

cisco sf350-48p firmware

cisco sf352-08 firmware

cisco sf352-08mp firmware

cisco sf352-08p firmware

cisco sf350-8pd firmware

cisco sf350-10 firmware

cisco sf350-10mp firmware

cisco sf350-10p firmware

cisco sf350-10sfp firmware

cisco sf350-20 firmware

cisco sf350-28 firmware

cisco sf350-28mp firmware

cisco sf350-28p firmware

cisco sf350-28sfp firmware

cisco sf350-52 firmware

cisco sf350-52mp firmware

cisco sf350-52p firmware

cisco sf355-10p firmware

cisco sg350x-8pmd firmware

cisco sg350x-12pmv firmware

cisco sg350x-24 firmware

cisco sg350x-24p firmware

cisco sg350x-24mp firmware

cisco sg350x-24pd firmware

cisco sg350x-24pv firmware

cisco sg350x-48 firmware

cisco sg350x-48p firmware

cisco sg350x-48mp firmware

cisco sg350x-48pv firmware

cisco sg350xg-2f10 firmware

cisco sg350xg-24f firmware

cisco sg350xg-24t firmware

cisco sg350xg-48t firmware

cisco sx350x-08 firmware

cisco sx350x-12 firmware

cisco sx350x-24f firmware

cisco sx350x-24 firmware

cisco sx350x-52 firmware

cisco sf550x-24 firmware

cisco sf550x-24p firmware

cisco sf550x-24mp firmware

cisco sf550x-48 firmware

cisco sf550x-48p firmware

cisco sf550x-48mp firmware

cisco sg550x-24 firmware

cisco sg550x-24p firmware

cisco sg550x-24mp firmware

cisco sg550x-24mpp firmware

cisco sg550x-48 firmware

cisco sg550x-48p firmware

cisco sg550x-48mp firmware

cisco sg550xg-8f8t firmware

cisco sg550xg-24f firmware

cisco sg550xg-24t firmware

cisco sg550xg-48t firmware

cisco sx550x-12f firmware

cisco sx550x-16ft firmware

cisco sx550x-24ft firmware

cisco sx550x-24f firmware

cisco sx550x-24 firmware

cisco sx550x-52 firmware

cisco cbs250-8t-d firmware

cisco cbs250-8pp-d firmware

cisco cbs250-8t-e-2g firmware

cisco cbs250-8pp-e-2g firmware

cisco cbs250-8p-e-2g firmware

cisco cbs250-8fp-e-2g firmware

cisco cbs250-16t-2g firmware

cisco cbs250-16p-2g firmware

cisco cbs250-24t-4g firmware

cisco cbs250-24pp-4g firmware

cisco cbs250-24p-4g firmware

cisco cbs250-24fp-4g firmware

cisco cbs250-48t-4g firmware

cisco cbs250-48pp-4g firmware

cisco cbs250-48p-4g firmware

cisco cbs250-24t-4x firmware

cisco cbs250-24p-4x firmware

cisco cbs250-24fp-4x firmware

cisco cbs250-48t-4x firmware

cisco cbs250-48p-4x firmware

cisco cbs350-8t-e-2g firmware

cisco cbs350-8p-2g firmware

cisco cbs350-8p-e-2g firmware

cisco cbs350-8fp-2g firmware

cisco cbs350-8fp-e-2g firmware

cisco cbs350-8s-e-2g firmware

cisco cbs350-16t-2g firmware

cisco cbs350-16t-e-2g firmware

cisco cbs350-16p-2g firmware

cisco cbs350-16p-e-2g firmware

cisco cbs350-16fp-2g firmware

cisco cbs350-24t-4g firmware

cisco cbs350-24p-4g firmware

cisco cbs350-24fp-4g firmware

cisco cbs350-24s-4g firmware

cisco cbs350-48t-4g firmware

cisco cbs350-48p-4g firmware

cisco cbs350-48fp-4g firmware

cisco cbs350-24t-4x firmware

cisco cbs350-24p-4x firmware

cisco cbs350-24fp-4x firmware

cisco cbs350-48t-4x firmware

cisco cbs350-48p-4x firmware

cisco cbs350-48fp-4x firmware

cisco cbs350-8mgp-2x firmware

cisco cbs350-8mp-2x firmware

cisco cbs350-24mgp-4x firmware

cisco cbs350-12np-4x firmware

cisco cbs350-24ngp-4x firmware

cisco cbs350-48ngp-4x firmware

cisco cbs350-8xt firmware

cisco cbs350-12xs firmware

cisco cbs350-12xt firmware

cisco cbs350-16xts firmware

cisco cbs350-24xs firmware

cisco cbs350-24xt firmware

cisco cbs350-24xts firmware

cisco cbs350-48xt-4x firmware

cisco esw2-350g-52 firmware

cisco esw2-350g-52dc firmware

cisco esw2-550x-48 firmware

cisco esw2-550x-48dc firmware

cisco sf200-24 firmware -

cisco sf200-24p firmware -

cisco sf200-24fp firmware -

cisco sf200-48 firmware -

cisco sf200-48p firmware -

cisco sg200-08 firmware -

cisco sg200-08p firmware -

cisco sg200-10fp firmware -

cisco sg200-18 firmware -

cisco sg200-26 firmware -

cisco sg200-26p firmware -

cisco sg200-26fp firmware -

cisco sg200-50 firmware -

cisco sg200-50p firmware -

cisco sg200-50fp firmware -

cisco sf300-08 firmware 1.4.11.02

cisco sf302-08 firmware 1.4.11.02

cisco sf302-08p firmware 1.4.11.02

cisco sf302-08pp firmware 1.4.11.02

cisco sf302-08mp firmware 1.4.11.02

cisco sf302-08mpp firmware 1.4.11.02

cisco sf300-24 firmware 1.4.11.02

cisco sf300-24p firmware 1.4.11.02

cisco sf300-24pp firmware 1.4.11.02

cisco sf300-24mp firmware 1.4.11.02

cisco sf300-48 firmware 1.4.11.02

cisco sf300-48p firmware 1.4.11.02

cisco sf300-48pp firmware 1.4.11.02

cisco sg300-10 firmware 1.4.11.02

cisco sg300-10sfp firmware 1.4.11.02

cisco sg300-10p firmware 1.4.11.02

cisco sg300-10pp firmware 1.4.11.02

cisco sg300-10mp firmware 1.4.11.02

cisco sg300-10mpp firmware 1.4.11.02

cisco sg300-20 firmware 1.4.11.02

cisco sg300-28 firmware 1.4.11.02

cisco sg300-28p firmware 1.4.11.02

cisco sg300-28pp firmware 1.4.11.02

cisco sg300-28mp firmware 1.4.11.02

cisco sg300-52 firmware 1.4.11.02

cisco sg300-52p firmware 1.4.11.02

cisco sg300-52mp firmware 1.4.11.02

cisco sg300-28sfp firmware 1.4.11.02

cisco sf500-24 firmware

cisco sf500-24p firmware

cisco sf500-24mp firmware

cisco sf500-48 firmware

cisco sf500-48p firmware

cisco sf500-48mp firmware

cisco sg500-28 firmware

cisco sg500-28p firmware

cisco sg500-28mpp firmware

cisco sg500-52 firmware

cisco sg500-52p firmware

cisco sg500-52mp firmware

cisco sg500x-24 firmware

cisco sg500x-24p firmware

cisco sg500x-24mpp firmware

cisco sg500x-48 firmware

cisco sg500x-48p firmware

cisco sg500x-48mp firmware

cisco sg500xg-8f8t firmware

Vendor Advisories

Cisco: Cisco Small Business Series Switches Session Credentials Replay Vulnerability
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device This vulnerability is due to insufficient expiration of session cred ...

References

CWE-613https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusionCVE-2023-38506CVE-2024-37198CVE-2023-45197CVE-2024-38621CVE-2024-30103elevation of privilegeCVE-2024-0044IMAP
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook