CVE-2021-34776
4.3
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD
Description
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Affected (16)
Products: Cisco: Business 220 8t E 2g Firmware, Business 220 8p E 2g Firmware, Business 220 8fp E 2g Firmware, Business 220 16t 2g Firmware, Business 220 16p 2g Firmware, Business 220 24t 4g Firmware, Business 220 24p 4g Firmware, Business 220 24fp 4g Firmware, Business 220 48t 4g Firmware, Business 220 48p 4g Firmware, Business 220 24t 4x Firmware, Business 220 24p 4x Firmware, Business 220 24fp 4x Firmware, Business 220 48t 4x Firmware, Business 220 48p 4x Firmware, Business 220 48fp 4x Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 8t E 2g | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 8p E 2g | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 8fp E 2g | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 16t 2g | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 16p 2g | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 24t 4g | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 24p 4g | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 24fp 4g | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 48t 4g | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 48p 4g | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 24t 4x | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 24p 4x | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 24fp 4x | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 48t 4x | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 48p 4x | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.2.0.6 |
| Running on/with | Platform Versions |
|---|---|
Cisco Business 220 48fp 4x | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.