CVE-2021-34739

04.11.2021, 16:15

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cisco	CNA	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 65%

Vendor	Product	Version
cisco	sf250-24_firmware	𝑥 ≤ 2.5
cisco	sf250-24p_firmware	𝑥 ≤ 2.5
cisco	sf250-48_firmware	𝑥 ≤ 2.5
cisco	sf250-48hp_firmware	𝑥 ≤ 2.5
cisco	sf250-08_firmware	𝑥 ≤ 2.5
cisco	sf250-08hp_firmware	𝑥 ≤ 2.5
cisco	sf250-10p_firmware	𝑥 ≤ 2.5
cisco	sf250-18_firmware	𝑥 ≤ 2.5
cisco	sf250-26_firmware	𝑥 ≤ 2.5
cisco	sf250-26hp_firmware	𝑥 ≤ 2.5
cisco	sf250-26p_firmware	𝑥 ≤ 2.5
cisco	sf250-50_firmware	𝑥 ≤ 2.5
cisco	sf250-50hp_firmware	𝑥 ≤ 2.5
cisco	sf250-50p_firmware	𝑥 ≤ 2.5
cisco	sf250x-24_firmware	𝑥 ≤ 2.5
cisco	sf250x-24p_firmware	𝑥 ≤ 2.5
cisco	sf250x-48_firmware	𝑥 ≤ 2.5
cisco	sf250x-48p_firmware	𝑥 ≤ 2.5
cisco	sf350-08_firmware	𝑥 ≤ 2.5
cisco	sf350-24_firmware	𝑥 ≤ 2.5
cisco	sf350-24mp_firmware	𝑥 ≤ 2.5
cisco	sf350-24p_firmware	𝑥 ≤ 2.5
cisco	sf350-48_firmware	𝑥 ≤ 2.5
cisco	sf350-8mp_firmware	𝑥 ≤ 2.5
cisco	sf350-48p_firmware	𝑥 ≤ 2.5
cisco	sf352-08_firmware	𝑥 ≤ 2.5
cisco	sf352-08mp_firmware	𝑥 ≤ 2.5
cisco	sf352-08p_firmware	𝑥 ≤ 2.5
cisco	sf350-8pd_firmware	𝑥 ≤ 2.5
cisco	sf350-10_firmware	𝑥 ≤ 2.5
cisco	sf350-10mp_firmware	𝑥 ≤ 2.5
cisco	sf350-10p_firmware	𝑥 ≤ 2.5
cisco	sf350-10sfp_firmware	𝑥 ≤ 2.5
cisco	sf350-20_firmware	𝑥 ≤ 2.5
cisco	sf350-28_firmware	𝑥 ≤ 2.5
cisco	sf350-28mp_firmware	𝑥 ≤ 2.5
cisco	sf350-28p_firmware	𝑥 ≤ 2.5
cisco	sf350-28sfp_firmware	𝑥 ≤ 2.5
cisco	sf350-52_firmware	𝑥 ≤ 2.5
cisco	sf350-52mp_firmware	𝑥 ≤ 2.5
cisco	sf350-52p_firmware	𝑥 ≤ 2.5
cisco	sf355-10p_firmware	𝑥 ≤ 2.5
cisco	sg350x-8pmd_firmware	𝑥 ≤ 2.5
cisco	sg350x-12pmv_firmware	𝑥 ≤ 2.5
cisco	sg350x-24_firmware	𝑥 ≤ 2.5
cisco	sg350x-24p_firmware	𝑥 ≤ 2.5
cisco	sg350x-24mp_firmware	𝑥 ≤ 2.5
cisco	sg350x-24pd_firmware	𝑥 ≤ 2.5
cisco	sg350x-24pv_firmware	𝑥 ≤ 2.5
cisco	sg350x-48_firmware	𝑥 ≤ 2.5
cisco	sg350x-48p_firmware	𝑥 ≤ 2.5
cisco	sg350x-48mp_firmware	𝑥 ≤ 2.5
cisco	sg350x-48pv_firmware	𝑥 ≤ 2.5
cisco	sg350xg-2f10_firmware	𝑥 ≤ 2.5
cisco	sg350xg-24f_firmware	𝑥 ≤ 2.5
cisco	sg350xg-24t_firmware	𝑥 ≤ 2.5
cisco	sg350xg-48t_firmware	𝑥 ≤ 2.5
cisco	sx350x-08_firmware	𝑥 ≤ 2.5
cisco	sx350x-12_firmware	𝑥 ≤ 2.5
cisco	sx350x-24f_firmware	𝑥 ≤ 2.5
cisco	sx350x-24_firmware	𝑥 ≤ 2.5
cisco	sx350x-52_firmware	𝑥 ≤ 2.5
cisco	sf550x-24_firmware	𝑥 ≤ 2.5
cisco	sf550x-24p_firmware	𝑥 ≤ 2.5
cisco	sf550x-24mp_firmware	𝑥 ≤ 2.5
cisco	sf550x-48_firmware	𝑥 ≤ 2.5
cisco	sf550x-48p_firmware	𝑥 ≤ 2.5
cisco	sf550x-48mp_firmware	𝑥 ≤ 2.5
cisco	sg550x-24_firmware	𝑥 ≤ 2.5
cisco	sg550x-24p_firmware	𝑥 ≤ 2.5
cisco	sg550x-24mp_firmware	𝑥 ≤ 2.5
cisco	sg550x-24mpp_firmware	𝑥 ≤ 2.5
cisco	sg550x-48_firmware	𝑥 ≤ 2.5
cisco	sg550x-48p_firmware	𝑥 ≤ 2.5
cisco	sg550x-48mp_firmware	𝑥 ≤ 2.5
cisco	sg550xg-8f8t_firmware	𝑥 ≤ 2.5
cisco	sg550xg-24f_firmware	𝑥 ≤ 2.5
cisco	sg550xg-24t_firmware	𝑥 ≤ 2.5
cisco	sg550xg-48t_firmware	𝑥 ≤ 2.5
cisco	sx550x-12f_firmware	𝑥 ≤ 2.5
cisco	sx550x-16ft_firmware	𝑥 ≤ 2.5
cisco	sx550x-24ft_firmware	𝑥 ≤ 2.5
cisco	sx550x-24f_firmware	𝑥 ≤ 2.5
cisco	sx550x-24_firmware	𝑥 ≤ 2.5
cisco	sx550x-52_firmware	𝑥 ≤ 2.5
cisco	cbs250-8t-d_firmware	𝑥 ≤ 3.1
cisco	cbs250-8pp-d_firmware	𝑥 ≤ 3.1
cisco	cbs250-8t-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs250-8pp-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs250-8p-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs250-8fp-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs250-16t-2g_firmware	𝑥 ≤ 3.1
cisco	cbs250-16p-2g_firmware	𝑥 ≤ 3.1
cisco	cbs250-24t-4g_firmware	𝑥 ≤ 3.1
cisco	cbs250-24pp-4g_firmware	𝑥 ≤ 3.1
cisco	cbs250-24p-4g_firmware	𝑥 ≤ 3.1
cisco	cbs250-24fp-4g_firmware	𝑥 ≤ 3.1
cisco	cbs250-48t-4g_firmware	𝑥 ≤ 3.1
cisco	cbs250-48pp-4g_firmware	𝑥 ≤ 3.1
cisco	cbs250-48p-4g_firmware	𝑥 ≤ 3.1
cisco	cbs250-24t-4x_firmware	𝑥 ≤ 3.1
cisco	cbs250-24p-4x_firmware	𝑥 ≤ 3.1
cisco	cbs250-24fp-4x_firmware	𝑥 ≤ 3.1
cisco	cbs250-48t-4x_firmware	𝑥 ≤ 3.1
cisco	cbs250-48p-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-8t-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-8p-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-8p-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-8fp-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-8fp-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-8s-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-16t-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-16t-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-16p-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-16p-e-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-16fp-2g_firmware	𝑥 ≤ 3.1
cisco	cbs350-24t-4g_firmware	𝑥 ≤ 3.1
cisco	cbs350-24p-4g_firmware	𝑥 ≤ 3.1
cisco	cbs350-24fp-4g_firmware	𝑥 ≤ 3.1
cisco	cbs350-24s-4g_firmware	𝑥 ≤ 3.1
cisco	cbs350-48t-4g_firmware	𝑥 ≤ 3.1
cisco	cbs350-48p-4g_firmware	𝑥 ≤ 3.1
cisco	cbs350-48fp-4g_firmware	𝑥 ≤ 3.1
cisco	cbs350-24t-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-24p-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-24fp-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-48t-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-48p-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-48fp-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-8mgp-2x_firmware	𝑥 ≤ 3.1
cisco	cbs350-8mp-2x_firmware	𝑥 ≤ 3.1
cisco	cbs350-24mgp-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-12np-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-24ngp-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-48ngp-4x_firmware	𝑥 ≤ 3.1
cisco	cbs350-8xt_firmware	𝑥 ≤ 3.1
cisco	cbs350-12xs_firmware	𝑥 ≤ 3.1
cisco	cbs350-12xt_firmware	𝑥 ≤ 3.1
cisco	cbs350-16xts_firmware	𝑥 ≤ 3.1
cisco	cbs350-24xs_firmware	𝑥 ≤ 3.1
cisco	cbs350-24xt_firmware	𝑥 ≤ 3.1
cisco	cbs350-24xts_firmware	𝑥 ≤ 3.1
cisco	cbs350-48xt-4x_firmware	𝑥 ≤ 3.1
cisco	esw2-350g-52_firmware	𝑥 ≤ 2.5
cisco	esw2-350g-52dc_firmware	𝑥 ≤ 2.5
cisco	esw2-550x-48_firmware	𝑥 ≤ 2.5
cisco	esw2-550x-48dc_firmware	𝑥 ≤ 2.5
cisco	sf200-24_firmware	-
cisco	sf200-24p_firmware	-
cisco	sf200-24fp_firmware	-
cisco	sf200-48_firmware	-
cisco	sf200-48p_firmware	-
cisco	sg200-08_firmware	-
cisco	sg200-08p_firmware	-
cisco	sg200-10fp_firmware	-
cisco	sg200-18_firmware	-
cisco	sg200-26_firmware	-
cisco	sg200-26p_firmware	-
cisco	sg200-26fp_firmware	-
cisco	sg200-50_firmware	-
cisco	sg200-50p_firmware	-
cisco	sg200-50fp_firmware	-
cisco	sf300-08_firmware	1.4.11.02
cisco	sf302-08_firmware	1.4.11.02
cisco	sf302-08p_firmware	1.4.11.02
cisco	sf302-08pp_firmware	1.4.11.02
cisco	sf302-08mp_firmware	1.4.11.02
cisco	sf302-08mpp_firmware	1.4.11.02
cisco	sf300-24_firmware	1.4.11.02
cisco	sf300-24p_firmware	1.4.11.02
cisco	sf300-24pp_firmware	1.4.11.02
cisco	sf300-24mp_firmware	1.4.11.02
cisco	sf300-48_firmware	1.4.11.02
cisco	sf300-48p_firmware	1.4.11.02
cisco	sf300-48pp_firmware	1.4.11.02
cisco	sg300-10_firmware	1.4.11.02
cisco	sg300-10sfp_firmware	1.4.11.02
cisco	sg300-10p_firmware	1.4.11.02
cisco	sg300-10pp_firmware	1.4.11.02
cisco	sg300-10mp_firmware	1.4.11.02
cisco	sg300-10mpp_firmware	1.4.11.02
cisco	sg300-20_firmware	1.4.11.02
cisco	sg300-28_firmware	1.4.11.02
cisco	sg300-28p_firmware	1.4.11.02
cisco	sg300-28pp_firmware	1.4.11.02
cisco	sg300-28mp_firmware	1.4.11.02
cisco	sg300-52_firmware	1.4.11.02
cisco	sg300-52p_firmware	1.4.11.02
cisco	sg300-52mp_firmware	1.4.11.02
cisco	sg300-28sfp_firmware	1.4.11.02
cisco	sf500-24_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sf500-24p_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sf500-24mp_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sf500-48_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sf500-48p_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sf500-48mp_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500-28_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500-28p_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500-28mpp_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500-52_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500-52p_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500-52mp_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500x-24_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500x-24p_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500x-24mpp_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500x-48_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500x-48p_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500x-48mp_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12
cisco	sg500xg-8f8t_firmware	2.5.5.0 ≤ 𝑥 < 2.5.8.12

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-613 - Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5