CVE-2021-40113
EUVD-2021-2730004.11.2021, 16:15
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| cisco | catalyst_pon_switch_cgp-ont-1p_firmware | 𝑥 < 1.1.1.14 |
| cisco | catalyst_pon_switch_cgp-ont-4p_firmware | 𝑥 < 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pvc_firmware | 𝑥 < 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4tvcw_firmware | 𝑥 < 1.1.3.17 |
| cisco | catalyst_pon_switch_cgp-ont-4pv_firmware | 𝑥 < 1.1.3.17 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.