PT-2021-4656 · Cisco · Cisco Small Business 220 Series Smart Switches
Qian Chen
·
Published
2021-10-06
·
Updated
2021-10-14
·
CVE-2021-34779
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Small Business 220 Series Smart Switches (affected versions not specified)
Description
The issue is related to the implementation of the Link Layer Discovery Protocol (LLDP) in the firmware of Cisco Small Business 220 Series Smart Switches. It involves a buffer overflow in memory, which can be exploited by an unauthenticated, adjacent attacker. The attacker can execute code on the affected device, cause it to reload unexpectedly, or corrupt the LLDP database by sending specially crafted malicious LLDP packets. Note that to exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device, meaning they must be Layer 2 adjacent.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Small Business 220 Series Smart Switches