Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sf220\-48p_firmware
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-16 | CVE-2021-1541 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | Sf220\-24_firmware, Sf220\-24p_firmware, Sf220\-48_firmware, Sf220\-48p_firmware, Sg220\-26_firmware, Sg220\-26p_firmware, Sg220\-28mp_firmware, Sg220\-50_firmware, Sg220\-50p_firmware | 7.2 | ||
| 2021-06-16 | CVE-2021-1542 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | Sf220\-24_firmware, Sf220\-24p_firmware, Sf220\-48_firmware, Sf220\-48p_firmware, Sg220\-26_firmware, Sg220\-26p_firmware, Sg220\-28mp_firmware, Sg220\-50_firmware, Sg220\-50p_firmware | 8.1 | ||
| 2021-06-16 | CVE-2021-1543 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | Sf220\-24_firmware, Sf220\-24p_firmware, Sf220\-48_firmware, Sf220\-48p_firmware, Sg220\-26_firmware, Sg220\-26p_firmware, Sg220\-28mp_firmware, Sg220\-50_firmware, Sg220\-50p_firmware | 6.1 | ||
| 2021-06-16 | CVE-2021-1571 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | Sf220\-24_firmware, Sf220\-24p_firmware, Sf220\-48_firmware, Sf220\-48p_firmware, Sg220\-26_firmware, Sg220\-26p_firmware, Sg220\-28mp_firmware, Sg220\-50_firmware, Sg220\-50p_firmware | 6.1 | ||
| 2019-08-07 | CVE-2019-1912 | A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or... | Sf220\-24p_firmware, Sf220\-48_firmware, Sf220\-48p_firmware, Sf\-220\-24_firmware, Sg220\-26_firmware, Sg220\-26p_firmware, Sg220\-28_firmware, Sg220\-28mp_firmware, Sg220\-50_firmware, Sg220\-50p_firmware, Sg220\-52_firmware | 9.1 | ||
| 2019-08-07 | CVE-2019-1914 | A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a... | Sf220\-24p_firmware, Sf220\-48_firmware, Sf220\-48p_firmware, Sf\-220\-24_firmware, Sg220\-26_firmware, Sg220\-26p_firmware, Sg220\-28_firmware, Sg220\-28mp_firmware, Sg220\-50_firmware, Sg220\-50p_firmware, Sg220\-52_firmware | 7.2 | ||
| 2019-08-07 | CVE-2019-1913 | Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending... | Sf220\-24p_firmware, Sf220\-48_firmware, Sf220\-48p_firmware, Sf\-220\-24_firmware, Sg220\-26_firmware, Sg220\-26p_firmware, Sg220\-28_firmware, Sg220\-28mp_firmware, Sg220\-50_firmware, Sg220\-50p_firmware, Sg220\-52_firmware | 9.8 |