Lucene search

CiscoCVE-2020-3121

HistoryJan 26, 2020 - 5:15 a.m.

CVE-2020-3121

2020-01-2605:15:17

CWE-79

cisco

web.nvd.nist.gov

116

cve-2020-3121

cisco

small business

smart switches

managed switches

web interface

xss

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Affected configurations

Nvd

Node

ciscosg250x-24_firmwareRange≤2.5.0.90

AND

ciscosg250x-24Match-

Node

ciscosg250x-24p_firmwareRange≤2.5.0.90

AND

ciscosg250x-24pMatch-

Node

ciscosg250x-48_firmwareRange≤2.5.0.90

AND

ciscosg250x-48Match-

Node

ciscosg250x-48p_firmwareRange≤2.5.0.90

AND

ciscosg250x-48pMatch-

Node

ciscosg250-08_firmwareRange≤2.5.0.90

AND

ciscosg250-08Match-

Node

ciscosg250-08hp_firmwareRange≤2.5.0.90

AND

ciscosg250-08hpMatch-

Node

ciscosg250-10p_firmwareRange≤2.5.0.90

AND

ciscosg250-10pMatch-

Node

ciscosg250-18_firmwareRange≤2.5.0.90

AND

ciscosg250-18Match-

Node

ciscosg250-26_firmwareRange≤2.5.0.90

AND

ciscosg250-26Match-

Node

ciscosg250-26hp_firmwareRange≤2.5.0.90

AND

ciscosg250-26hpMatch-

Node

ciscosg250-26p_firmwareRange≤2.5.0.90

AND

ciscosg250-26pMatch-

Node

ciscosg250-50_firmwareRange≤2.5.0.90

AND

ciscosg250-50Match-

Node

ciscosg250-50hp_firmwareRange≤2.5.0.90

AND

ciscosg250-50hpMatch-

Node

ciscosg250-50p_firmwareRange≤2.5.0.90

AND

ciscosg250-50pMatch-

Node

ciscosg250-24_firmwareRange≤2.5.0.90

AND

ciscosg250-24Match-

Node

ciscosg250-24pMatch-

AND

ciscosg250-24p_firmwareRange≤2.5.0.90

Node

ciscosg250-48Match-

AND

ciscosg250-48_firmwareRange≤2.5.0.90

Node

ciscosg250-48hpMatch-

AND

ciscosg250-48hp_firmwareRange≤2.5.0.90

Node

ciscosf350-48Match-

AND

ciscosf350-48_firmwareRange≤2.5.0.90

Node

ciscosf350-48pMatch-

AND

ciscosf350-48p_firmwareRange≤2.5.0.90

Node

ciscosf350-48mpMatch-

AND

ciscosf350-48mp_firmwareRange≤2.5.0.90

Node

ciscosg350-10Match-

AND

ciscosg350-10_firmwareRange≤2.5.0.90

Node

ciscosg350-10pMatch-

AND

ciscosg350-10p_firmwareRange≤2.5.0.90

Node

ciscosg350-10mp_firmwareRange≤2.5.0.90

AND

ciscosg350-10mpMatch-

Node

ciscosg355-10mp_firmwareRange≤2.5.0.90

AND

ciscosg355-10mpMatch-

Node

ciscosg350-28_firmwareRange≤2.5.0.90

AND

ciscosg350-28Match-

Node

ciscosg350-28p_firmwareRange≤2.5.0.90

AND

ciscosg350-28pMatch-

Node

ciscosg350-28mp_firmwareRange≤2.5.0.90

AND

ciscosg350-28mpMatch-

Node

ciscosx550x-16ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-16ftMatch-

Node

ciscosx550x-24ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-12ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-12ftMatch-

Node

ciscosx550x-24ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-24_firmwareRange≤2.5.0.90

AND

ciscosx550x-24Match-

Node

ciscosx550x-52_firmwareRange≤2.5.0.90

AND

ciscosx550x-52Match-

Node

ciscosg550x-24_firmwareRange≤2.5.0.90

AND

ciscosg550x-24Match-

Node

ciscosg550x-24p_firmwareRange≤2.5.0.90

AND

ciscosg550x-24pMatch-

Node

ciscosg550x-24mp_firmwareRange≤2.5.0.90

AND

ciscosg550x-24mpMatch-

Node

ciscosg550x-24mpp_firmwareRange≤2.5.0.90

AND

ciscosg550x-24mppMatch-

Node

ciscosg550x-48_firmwareRange≤2.5.0.90

AND

ciscosg550x-48Match-

Node

ciscosg550x-48p_firmwareRange≤2.5.0.90

AND

ciscosg550x-48pMatch-

Node

ciscosg550x-48mp_firmwareRange≤2.5.0.90

AND

ciscosg550x-48mpMatch-

Node

ciscosf550x-24_firmwareRange≤2.5.0.90

AND

ciscosf550x-24Match-

Node

ciscosf550x-24p_firmwareRange≤2.5.0.90

AND

ciscosf550x-24pMatch-

Node

ciscosf550x-48_firmwareRange≤2.5.0.90

AND

ciscosf550x-48Match-

Node

ciscosf550x-48p_firmwareRange≤2.5.0.90

AND

ciscosf550x-48pMatch-

Node

ciscosf550x-48mp_firmwareRange≤2.5.0.90

AND

ciscosf550x-48mpMatch-

VendorProductVersionCPE
ciscosg250x-24_firmware*cpe:2.3:o:cisco:sg250x-24_firmware:*:*:*:*:*:*:*:*
ciscosg250x-24-cpe:2.3:h:cisco:sg250x-24:-:*:*:*:*:*:*:*
ciscosg250x-24p_firmware*cpe:2.3:o:cisco:sg250x-24p_firmware:*:*:*:*:*:*:*:*
ciscosg250x-24p-cpe:2.3:h:cisco:sg250x-24p:-:*:*:*:*:*:*:*
ciscosg250x-48_firmware*cpe:2.3:o:cisco:sg250x-48_firmware:*:*:*:*:*:*:*:*
ciscosg250x-48-cpe:2.3:h:cisco:sg250x-48:-:*:*:*:*:*:*:*
ciscosg250x-48p_firmware*cpe:2.3:o:cisco:sg250x-48p_firmware:*:*:*:*:*:*:*:*
ciscosg250x-48p-cpe:2.3:h:cisco:sg250x-48p:-:*:*:*:*:*:*:*
ciscosg250-08_firmware*cpe:2.3:o:cisco:sg250-08_firmware:*:*:*:*:*:*:*:*
ciscosg250-08-cpe:2.3:h:cisco:sg250-08:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sg250x-24_firmware	*	cpe:2.3:o:cisco:sg250x-24_firmware::::::::
cisco	sg250x-24	-	cpe:2.3:h:cisco:sg250x-24:-:::::::*
cisco	sg250x-24p_firmware	*	cpe:2.3:o:cisco:sg250x-24p_firmware::::::::
cisco	sg250x-24p	-	cpe:2.3:h:cisco:sg250x-24p:-:::::::*
cisco	sg250x-48_firmware	*	cpe:2.3:o:cisco:sg250x-48_firmware::::::::
cisco	sg250x-48	-	cpe:2.3:h:cisco:sg250x-48:-:::::::*
cisco	sg250x-48p_firmware	*	cpe:2.3:o:cisco:sg250x-48p_firmware::::::::
cisco	sg250x-48p	-	cpe:2.3:h:cisco:sg250x-48p:-:::::::*
cisco	sg250-08_firmware	*	cpe:2.3:o:cisco:sg250-08_firmware::::::::
cisco	sg250-08	-	cpe:2.3:h:cisco:sg250-08:-:::::::*

Rows per page:

1-10 of 901

CNA Affected

[
  {
    "product": "Cisco 550X Series Stackable Managed Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

Related for CVE-2020-3121