Lucene search

[email protected]NVD:CVE-2020-3121

HistoryJan 26, 2020 - 5:15 a.m.

CVE-2020-3121

2020-01-2605:15:17

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Affected configurations

Nvd

Node

ciscosg250x-24_firmwareRange≤2.5.0.90

AND

ciscosg250x-24Match-

Node

ciscosg250x-24p_firmwareRange≤2.5.0.90

AND

ciscosg250x-24pMatch-

Node

ciscosg250x-48_firmwareRange≤2.5.0.90

AND

ciscosg250x-48Match-

Node

ciscosg250x-48p_firmwareRange≤2.5.0.90

AND

ciscosg250x-48pMatch-

Node

ciscosg250-08_firmwareRange≤2.5.0.90

AND

ciscosg250-08Match-

Node

ciscosg250-08hp_firmwareRange≤2.5.0.90

AND

ciscosg250-08hpMatch-

Node

ciscosg250-10p_firmwareRange≤2.5.0.90

AND

ciscosg250-10pMatch-

Node

ciscosg250-18_firmwareRange≤2.5.0.90

AND

ciscosg250-18Match-

Node

ciscosg250-26_firmwareRange≤2.5.0.90

AND

ciscosg250-26Match-

Node

ciscosg250-26hp_firmwareRange≤2.5.0.90

AND

ciscosg250-26hpMatch-

Node

ciscosg250-26p_firmwareRange≤2.5.0.90

AND

ciscosg250-26pMatch-

Node

ciscosg250-50_firmwareRange≤2.5.0.90

AND

ciscosg250-50Match-

Node

ciscosg250-50hp_firmwareRange≤2.5.0.90

AND

ciscosg250-50hpMatch-

Node

ciscosg250-50p_firmwareRange≤2.5.0.90

AND

ciscosg250-50pMatch-

Node

ciscosg250-24_firmwareRange≤2.5.0.90

AND

ciscosg250-24Match-

Node

ciscosg250-24pMatch-

AND

ciscosg250-24p_firmwareRange≤2.5.0.90

Node

ciscosg250-48Match-

AND

ciscosg250-48_firmwareRange≤2.5.0.90

Node

ciscosg250-48hpMatch-

AND

ciscosg250-48hp_firmwareRange≤2.5.0.90

Node

ciscosf350-48Match-

AND

ciscosf350-48_firmwareRange≤2.5.0.90

Node

ciscosf350-48pMatch-

AND

ciscosf350-48p_firmwareRange≤2.5.0.90

Node

ciscosf350-48mpMatch-

AND

ciscosf350-48mp_firmwareRange≤2.5.0.90

Node

ciscosg350-10Match-

AND

ciscosg350-10_firmwareRange≤2.5.0.90

Node

ciscosg350-10pMatch-

AND

ciscosg350-10p_firmwareRange≤2.5.0.90

Node

ciscosg350-10mp_firmwareRange≤2.5.0.90

AND

ciscosg350-10mpMatch-

Node

ciscosg355-10mp_firmwareRange≤2.5.0.90

AND

ciscosg355-10mpMatch-

Node

ciscosg350-28_firmwareRange≤2.5.0.90

AND

ciscosg350-28Match-

Node

ciscosg350-28p_firmwareRange≤2.5.0.90

AND

ciscosg350-28pMatch-

Node

ciscosg350-28mp_firmwareRange≤2.5.0.90

AND

ciscosg350-28mpMatch-

Node

ciscosx550x-16ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-16ftMatch-

Node

ciscosx550x-24ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-12ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-12ftMatch-

Node

ciscosx550x-24ft_firmwareRange≤2.5.0.90

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-24_firmwareRange≤2.5.0.90

AND

ciscosx550x-24Match-

Node

ciscosx550x-52_firmwareRange≤2.5.0.90

AND

ciscosx550x-52Match-

Node

ciscosg550x-24_firmwareRange≤2.5.0.90

AND

ciscosg550x-24Match-

Node

ciscosg550x-24p_firmwareRange≤2.5.0.90

AND

ciscosg550x-24pMatch-

Node

ciscosg550x-24mp_firmwareRange≤2.5.0.90

AND

ciscosg550x-24mpMatch-

Node

ciscosg550x-24mpp_firmwareRange≤2.5.0.90

AND

ciscosg550x-24mppMatch-

Node

ciscosg550x-48_firmwareRange≤2.5.0.90

AND

ciscosg550x-48Match-

Node

ciscosg550x-48p_firmwareRange≤2.5.0.90

AND

ciscosg550x-48pMatch-

Node

ciscosg550x-48mp_firmwareRange≤2.5.0.90

AND

ciscosg550x-48mpMatch-

Node

ciscosf550x-24_firmwareRange≤2.5.0.90

AND

ciscosf550x-24Match-

Node

ciscosf550x-24p_firmwareRange≤2.5.0.90

AND

ciscosf550x-24pMatch-

Node

ciscosf550x-48_firmwareRange≤2.5.0.90

AND

ciscosf550x-48Match-

Node

ciscosf550x-48p_firmwareRange≤2.5.0.90

AND

ciscosf550x-48pMatch-

Node

ciscosf550x-48mp_firmwareRange≤2.5.0.90

AND

ciscosf550x-48mpMatch-

VendorProductVersionCPE
ciscosg250x-24_firmware*cpe:2.3:o:cisco:sg250x-24_firmware:*:*:*:*:*:*:*:*
ciscosg250x-24-cpe:2.3:h:cisco:sg250x-24:-:*:*:*:*:*:*:*
ciscosg250x-24p_firmware*cpe:2.3:o:cisco:sg250x-24p_firmware:*:*:*:*:*:*:*:*
ciscosg250x-24p-cpe:2.3:h:cisco:sg250x-24p:-:*:*:*:*:*:*:*
ciscosg250x-48_firmware*cpe:2.3:o:cisco:sg250x-48_firmware:*:*:*:*:*:*:*:*
ciscosg250x-48-cpe:2.3:h:cisco:sg250x-48:-:*:*:*:*:*:*:*
ciscosg250x-48p_firmware*cpe:2.3:o:cisco:sg250x-48p_firmware:*:*:*:*:*:*:*:*
ciscosg250x-48p-cpe:2.3:h:cisco:sg250x-48p:-:*:*:*:*:*:*:*
ciscosg250-08_firmware*cpe:2.3:o:cisco:sg250-08_firmware:*:*:*:*:*:*:*:*
ciscosg250-08-cpe:2.3:h:cisco:sg250-08:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sg250x-24_firmware	*	cpe:2.3:o:cisco:sg250x-24_firmware::::::::
cisco	sg250x-24	-	cpe:2.3:h:cisco:sg250x-24:-:::::::*
cisco	sg250x-24p_firmware	*	cpe:2.3:o:cisco:sg250x-24p_firmware::::::::
cisco	sg250x-24p	-	cpe:2.3:h:cisco:sg250x-24p:-:::::::*
cisco	sg250x-48_firmware	*	cpe:2.3:o:cisco:sg250x-48_firmware::::::::
cisco	sg250x-48	-	cpe:2.3:h:cisco:sg250x-48:-:::::::*
cisco	sg250x-48p_firmware	*	cpe:2.3:o:cisco:sg250x-48p_firmware::::::::
cisco	sg250x-48p	-	cpe:2.3:h:cisco:sg250x-48p:-:::::::*
cisco	sg250-08_firmware	*	cpe:2.3:o:cisco:sg250-08_firmware::::::::
cisco	sg250-08	-	cpe:2.3:h:cisco:sg250-08:-:::::::*

Rows per page:

1-10 of 901

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

Related for NVD:CVE-2020-3121

cisco1 cvelist1 cve1 prion1