PT-2021-4958 · Cisco · Cisco Small Business Series Switches +2
Author: Ken Pyle · Published 2021-11-04 · Updated 2021-11-15
CVE-2021-34739
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Small Business Series Switches (affected versions not specified)
Cisco 250/350/350X/550X/ESW2 Series (affected versions not specified)
Cisco Business 250/350 Series (affected versions not specified)
Description
A vulnerability in the web-based management interface of Cisco switches could allow an unauthenticated, remote attacker to gain unauthorized access to the interface. This issue is due to insufficient expiration of session credentials and inadequate input validation. An attacker could exploit this by conducting a man-in-the-middle attack to intercept valid session credentials and then replaying them toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.
Recommendations
For Cisco Small Business Series Switches, restrict access to the web-based management interface until a fix is available.
For Cisco 250/350/350X/550X/ESW2 Series and Cisco Business 250/350 Series, restrict access to the web-based management interface to a limited set of trusted hosts and networks to minimize the risk of exploitation.
As a temporary workaround, consider additional security measures, such as enhanced network monitoring to detect potential man-in-the-middle activity on management traffic.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Insufficient Session Expiration
Affected Products
Cisco 250/350/350X/550X/ESW2 Series
Cisco Business 250/350 Series
Cisco Small Business Series Switches