PT-2021-4812 · Cisco · Cisco Small Business 200 Series Smart Switches, 300 Series Managed Switches, 500 Series Stackable Managed Switches

Ken Pyle

·

Published

2021-11-03

·

Updated

2021-11-10

·

CVE-2021-40127

CVSS v3.1

5.3

Medium

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Cisco Small Business 200 Series Smart Switches (affected versions not specified)
Cisco Small Business 300 Series Managed Switches (affected versions not specified)
Cisco Small Business 500 Series Stackable Managed Switches (affected versions not specified)
Description

A vulnerability in the web-based management interface of the affected switches could allow an unauthenticated, remote attacker to render the interface unusable, resulting in a denial of service (DoS) condition. The issue is due to improper validation of HTTP requests. An attacker could exploit it by sending a crafted HTTP request to an affected device; a successful exploit can leave the device returning a permanent, invalid redirect for every subsequent request to the interface, so the interface can no longer be used. As the CVSS vector states, no authentication or user interaction is required (PR:N/UI:N) and the impact is to availability only (C:N/I:N/A:L).
Recommendations

For all three product lines (Cisco Small Business 200 Series Smart Switches, 300 Series Managed Switches and 500 Series Stackable Managed Switches), update to a release that fixes the improper validation of HTTP requests. Until a patch is applied, restrict access to the web-based management interface: allow only trusted management hosts to reach it (for example through a management ACL or an isolated management network) and do not expose it to the internet. Because the flaw is reachable without credentials, restricting who can reach the interface at the network level is the only effective interim control; strong admin passwords do not help here.
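The failure mode described above (the interface answering every request with a permanent invalid redirect) can be watched for from a monitoring host. The following Python check is an added example, not Cisco's code and not this page's own: it requests the interface root without letting the HTTP library follow redirects, walks the redirect chain by hand, and reports a redirect loop, a missing Location header or a target that points off the device, which are the observable symptoms of this DoS. The hostnames, paths and canned responses are constructed for the example; the real redirect path of the Cisco UI is not assumed, and the check says nothing about whether the crafted request was ever sent.

```python
"""Reachability check for a switch web management interface.

Added example (not Cisco's code). It detects the symptom of CVE-2021-40127,
an interface that only returns invalid redirects, by walking redirects manually.
"""
import ssl
import sys
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 5


def _header(headers, name):
    """Case-insensitive lookup over a dict of header -> value."""
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return None


def follow_redirects(fetch, start_url, switch_hosts, max_hops=MAX_HOPS):
    """Walk the redirect chain from start_url by hand.

    fetch(url) -> (status, headers) must NOT follow redirects itself.
    switch_hosts is the set of hostnames/IPs the device legitimately uses.

    Returns (verdict, chain) where verdict is one of:
      'serving'    a 2xx, 401 or 403 was reached: the UI is answering
      'invalid'    a redirect with no Location, to a non-http(s) URL,
                   or to a host other than the switch itself
      'loop'       the chain revisited a URL or ran past max_hops
      'http-error' any other status (5xx and the like)
    """
    allowed = {h.lower() for h in switch_hosts}
    chain = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, headers = fetch(url)
        if status in REDIRECT_CODES:
            location = _header(headers, "location")
            if not location:
                return "invalid", chain
            target = urljoin(url, location)      # resolve relative Location
            parts = urlsplit(target)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                return "invalid", chain
            if parts.hostname.lower() not in allowed:
                return "invalid", chain          # redirected off the device
            if target in chain:
                return "loop", chain + [target]  # redirect back to a seen URL
            chain.append(target)
            url = target
            continue
        if 200 <= status < 300 or status in (401, 403):
            return "serving", chain              # login page or content: UI is up
        return "http-error", chain
    return "loop", chain                         # exhausted max_hops


def live_fetch(url, timeout=5.0):
    """One GET with no redirect following; returns (status, headers dict)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        # Switch UIs commonly use self-signed certificates; this checks
        # availability, not identity, so certificate verification is skipped.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(parts.hostname, parts.port,
                                           timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port,
                                          timeout=timeout)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", path, headers={"User-Agent": "switch-ui-check/1"})
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


def check_switch(host, scheme="http"):
    """Check the management UI root of one switch; returns (verdict, chain)."""
    start = f"{scheme}://{host}/"
    return follow_redirects(live_fetch, start, {urlsplit(start).hostname})


if __name__ == "__main__":
    # 192.0.2.10 is a constructed TEST-NET address, not a real switch.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    verdict, chain = check_switch(target)
    print(verdict, " -> ".join(chain))
    sys.exit(0 if verdict == "serving" else 1)
```

Run it as `python3 check.py <switch-ip>` from a host that is allowed to reach the management interface; a non-zero exit with verdict `loop` or `invalid` is the signature to alert on. Treating 401/403 as healthy is deliberate: an unauthenticated probe should land on the login page, and the point is that the interface still answers with something other than a redirect.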


Weakness Enumeration

Related Identifiers

BDU:2021-05540
CVE-2021-40127

Affected Products

Cisco Small Business 200 Series Smart Switches
Cisco Small Business 300 Series Managed Switches
Cisco Small Business 500 Series Stackable Managed Switches