CVE-2021-1542

Name of the Vulnerable Software and Affected Versions Cisco Small Business 220 Series Smart Switches (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the web-based management interface, potentially allowing an attacker to hijack a user session, execute arbitrary commands as a root user, conduct cross-site scripting (XSS) attacks, or perform HTML injection attacks. The vulnerability is also related to an incorrect session expiration time, which could enable a remote attacker to bypass authentication, gain unauthorized access to the device's web interface, and perform actions with administrator privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.