CVE-2021-40127

Published: 04/11/2021 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote malicious user to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the malicious user to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco sf200-24 firmware -
cisco sf200-24fp firmware -
cisco sf200-24p firmware -
cisco sf200-48 firmware -
cisco sf200-48p firmware -
cisco sf200e-24 firmware -
cisco sf200e-24p firmware -
cisco sf200e-48 firmware -
cisco sf200e-48p firmware -
cisco sg200-08 firmware -
cisco sg200-08p firmware -
cisco sg200-10fp firmware -
cisco sg200-18 firmware -
cisco sg200-26 firmware -
cisco sg200-26fp firmware -
cisco sg200-26p firmware -
cisco sg200-50 firmware -
cisco sg200-50fp firmware -
cisco sg200-50p firmware -
cisco sf300-08 firmware 1.4.11.02
cisco sf300-24 firmware 1.4.11.02
cisco sf300-24mp firmware 1.4.11.02
cisco sf300-24p firmware 1.4.11.02
cisco sf300-24pp firmware 1.4.11.02
cisco sf300-48 firmware 1.4.11.02
cisco sf300-48p firmware 1.4.11.02
cisco sf300-48pp firmware 1.4.11.02
cisco sf302-08 firmware 1.4.11.02
cisco sf302-08mp firmware 1.4.11.02
cisco sf302-08mpp firmware 1.4.11.02
cisco sf302-08p firmware 1.4.11.02
cisco sf302-08pp firmware 1.4.11.02
cisco sg300-10 firmware 1.4.11.02
cisco sg300-10mp firmware 1.4.11.02
cisco sg300-10mpp firmware 1.4.11.02
cisco sg300-10p firmware 1.4.11.02
cisco sg300-10pp firmware 1.4.11.02
cisco sg300-sfp firmware 1.4.11.02
cisco sg300-20 firmware 1.4.11.02
cisco sg300-28 firmware 1.4.11.02
cisco sg300-28mp firmware 1.4.11.02
cisco sg300-28p firmware 1.4.11.02
cisco sg300-28pp firmware 1.4.11.02
cisco sg300-28sfp firmware 1.4.11.02
cisco sg300-52 firmware 1.4.11.02
cisco sg300-52mp firmware 1.4.11.02
cisco sg300-52p firmware 1.4.11.02
cisco sf500-24 firmware -
cisco sf500-24mp firmware -
cisco sf500-24p firmware -
cisco sf500-48 firmware -
cisco sf500-48mp firmware -
cisco sf500-48p firmware -
cisco sg500-28 firmware -
cisco sg500-28mpp firmware -
cisco sg500-28p firmware -
cisco sg500-52 firmware -
cisco sg500-52mp firmware -
cisco sg500-52p firmware -
cisco sg500x-24 firmware -
cisco sg500x-24mpp firmware -
cisco sg500x-24p firmware -
cisco sg500x-48 firmware -
cisco sg500x-48mpp firmware -
cisco sg500x-48p firmware -
cisco sg500xg-8f8t firmware -

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of serv ...

CWE-20 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8 https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8

CVE-2021-40127

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect