CVE-2016-1470

Published: Sep 2, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.

Affected (3)

Products: Cisco: Small Business 220 Series Smart Plus Switches

1 product

Small Business 220 Series Smart Plus Switches

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.17
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.18
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.19

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92709

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036722

Source: psirt@cisco.com

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_csrf.pdf

Source: psirt@cisco.com

ExploitThird Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92709

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036722

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_csrf.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.