{ "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-10-06T16:00:00", "ID": "CVE-2021-34744", "STATE": "PUBLIC", "TITLE": "Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Small Business 220 Series Smart Plus Switches ", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, "exploit": [ { "lang": "eng", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " } ], "impact": { "cvss": { "baseScore": "5.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N ", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-540" } ] } ] }, "references": { "reference_data": [ { "name": "20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX" } ] }, "source": { "advisory": "cisco-sa-sb-hardcoded-cred-MJCEXvX", "defect": [ [ "CSCvy90709", "CSCvy90713" ] ], "discovery": "INTERNAL" } }