CVE-2021-40127

Published: 04/11/2021 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote malicious user to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the malicious user to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco sf200-24_firmware -
cisco sf200-24fp_firmware -
cisco sf200-24p_firmware -
cisco sf200-48_firmware -
cisco sf200-48p_firmware -
cisco sf200e-24_firmware -
cisco sf200e-24p_firmware -
cisco sf200e-48_firmware -
cisco sf200e-48p_firmware -
cisco sg200-08_firmware -
cisco sg200-08p_firmware -
cisco sg200-10fp_firmware -
cisco sg200-18_firmware -
cisco sg200-26_firmware -
cisco sg200-26fp_firmware -
cisco sg200-26p_firmware -
cisco sg200-50_firmware -
cisco sg200-50fp_firmware -
cisco sg200-50p_firmware -
cisco sf300-08_firmware 1.4.11.02
cisco sf300-24_firmware 1.4.11.02
cisco sf300-24mp_firmware 1.4.11.02
cisco sf300-24p_firmware 1.4.11.02
cisco sf300-24pp_firmware 1.4.11.02
cisco sf300-48_firmware 1.4.11.02
cisco sf300-48p_firmware 1.4.11.02
cisco sf300-48pp_firmware 1.4.11.02
cisco sf302-08_firmware 1.4.11.02
cisco sf302-08mp_firmware 1.4.11.02
cisco sf302-08mpp_firmware 1.4.11.02
cisco sf302-08p_firmware 1.4.11.02
cisco sf302-08pp_firmware 1.4.11.02
cisco sg300-10_firmware 1.4.11.02
cisco sg300-10mp_firmware 1.4.11.02
cisco sg300-10mpp_firmware 1.4.11.02
cisco sg300-10p_firmware 1.4.11.02
cisco sg300-10pp_firmware 1.4.11.02
cisco sg300-sfp_firmware 1.4.11.02
cisco sg300-20_firmware 1.4.11.02
cisco sg300-28_firmware 1.4.11.02
cisco sg300-28mp_firmware 1.4.11.02
cisco sg300-28p_firmware 1.4.11.02
cisco sg300-28pp_firmware 1.4.11.02
cisco sg300-28sfp_firmware 1.4.11.02
cisco sg300-52_firmware 1.4.11.02
cisco sg300-52mp_firmware 1.4.11.02
cisco sg300-52p_firmware 1.4.11.02
cisco sf500-24_firmware -
cisco sf500-24mp_firmware -
cisco sf500-24p_firmware -
cisco sf500-48_firmware -
cisco sf500-48mp_firmware -
cisco sf500-48p_firmware -
cisco sg500-28_firmware -
cisco sg500-28mpp_firmware -
cisco sg500-28p_firmware -
cisco sg500-52_firmware -
cisco sg500-52mp_firmware -
cisco sg500-52p_firmware -
cisco sg500x-24_firmware -
cisco sg500x-24mpp_firmware -
cisco sg500x-24p_firmware -
cisco sg500x-48_firmware -
cisco sg500x-48mpp_firmware -
cisco sg500x-48p_firmware -
cisco sg500xg-8f8t_firmware -

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of serv ...

CWE-20 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8 https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8

CVE-2021-40127

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect