Vulnerabilites related to cisco - sx550x-12ft_firmware
Vulnerability from fkie_nvd
Published
2020-01-26 05:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250x-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D95896-7055-4A21-96E5-14443BF1EF2E",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250x-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF0F571-4139-411C-9E9F-4974AB9ED29E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250x-24p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5AC305C-9F13-4EC0-BA44-F0CF0262BD78",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250x-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "850829DF-9613-4E1A-9D9A-A74D3AD8BA14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250x-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C245C733-9B09-44C1-93B1-5DE1FF3AE2C6",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250x-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C050FFC6-FB6E-4AEC-830A-856B9E728D0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250x-48p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86AA3E57-DEEE-4491-9B66-37F08FE70AD9",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250x-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD1B2A7-B9CD-439B-B55E-D5AF769228FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-08_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14D901C7-5727-49D2-9D09-6DFDF1CA974B",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-08:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A7F2D0-9E2B-4162-8F31-BE44BCD3BDCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-08hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8EAC5E-2A95-47C2-B68B-16BA15558D7E",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-08hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C733117C-BFAE-459D-A9E2-5082C77A4D22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-10p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E86462-EBEC-48CF-8B73-A3856B5A4412",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-10p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEADBBF-9E5B-435E-BF81-3D2DBF369D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-18_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90023A73-5FDD-4A1D-85A9-4663CE0A611D",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72500D80-4EC8-4B49-8C22-FA19E03491DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-26_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "997FF987-64C6-46E3-8260-8E1C20E74FAF",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDA0852-1A08-4327-ABEE-9A1059DFE9BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-26hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87DDDED-8276-484F-ADCC-3CC73C2A5E89",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-26hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9610ED5C-26BE-45A6-B6DD-00DA6AB0F57D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-26p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E18B4EE6-F495-4AF0-831B-237135961156",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-26p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B19804D-C92A-4758-A2CF-E3D4D6ED65FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17B8C32E-1ED4-46A0-B7C9-25131173DA87",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF27F695-F2EA-43C9-B283-E7EEA70CB0F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-50hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4B2460-C9DA-43D9-BA93-8F3D382D86AB",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-50hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7885727C-5100-49A7-909F-D4DF545BF65D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-50p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33D31E90-CEC3-4B9E-AFDE-2D4968B18FA2",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-50p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB6FE78-C783-4A7E-90B0-ABCDA72E2D8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A450299D-B719-4648-B6A3-DDD885888A4F",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBEB8EA-2E71-4F63-AAE3-07322722FD76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-24p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD3DF16-087B-4987-AEB7-0408D5B4D8B1",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32C81B6-F732-4E9B-A181-C87FC90F1150",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB155F3F-7EEA-4D11-97BE-0637FFC6F9DD",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145D2E2E-7B91-4A02-A7B1-78EC9D49E719",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg250-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72485824-B5EE-4608-8BE2-C90ECDCCDEEA",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg250-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66FE4C7D-BBF7-4CC7-A6A3-C0D6713C4FFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf350-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5E6167-62E9-44E4-93BD-0884B3B90777",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf350-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF58ED1-AECE-435C-8F8F-6053C44E01C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf350-48p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60C2982C-183F-41B1-9AA3-D5707F795E6B",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf350-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BE66F3-51C8-42D8-927A-5BA0B9B072EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf350-48mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80CED547-483B-4889-8079-77861D0590CD",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf350-48mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DE3B15-DD70-445E-936C-0C9D5C3F1450",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg350-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB64405B-E5CD-4E77-84A1-A6C65F41B167",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg350-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79843C24-2CE8-4040-9C04-79902D8F741D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg350-10p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CD31-4E1D-4047-8058-E8019F3A4546",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg350-10p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD650E51-E248-4CFD-8163-72717B66D675",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg350-10mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45DF22E1-24CE-4AA8-9B76-90A08E1D3FB9",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg350-10mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B36A173-5C14-4B38-B3DD-CD83B19AF94B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg355-10mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0F2ED4-EA54-41E8-8A14-F0CB8C1776D2",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg355-10mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C07B10FC-9C39-482A-9807-16D49FDAD979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg350-28_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "928A3EAF-E40F-4D7C-9925-A6145A32E2B2",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg350-28:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500F9351-FA0C-4648-A2A6-ACFF6C8FD157",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg350-28p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A316620-A0B1-45FA-A2D3-9C7197AAB4FC",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg350-28p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8122322F-6104-4978-9E00-40437365FF67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg350-28mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79CA829F-E578-426D-8E3D-797449D3CACB",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg350-28mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11548FB9-ADB1-4281-B89B-6D61836072DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx550x-16ft_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4E22B8-46CA-4539-8608-90A1B7C68B6F",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx550x-16ft:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D9BEB5-78FE-49EB-92BE-6597E7608E71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx550x-24ft_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5493DB18-7F2C-4A9E-971A-491824E5BF7D",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx550x-24ft:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEDE246-7DF9-486D-A5B9-5596FE0AC582",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx550x-12ft_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67DF2CB4-7DFE-4B13-A9B4-7FCEEC2FD6EB",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx550x-12ft:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7238B1-AF9E-450A-9A11-4B6CDC527CA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx550x-24ft_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5493DB18-7F2C-4A9E-971A-491824E5BF7D",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx550x-24ft:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFEDE246-7DF9-486D-A5B9-5596FE0AC582",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx550x-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2F65F5-FC79-49AF-8122-5FF46D28EE0D",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx550x-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B39E214D-A4B7-460C-9402-8F94336B30A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sx550x-52_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD599A09-5793-4A5E-8D9C-8A0936322143",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sx550x-52:-:*:*:*:*:*:*:*",
"matchCriteriaId": "297A662D-BD11-4021-8F19-946CA4BCF8D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg550x-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "308E4391-7962-4F27-ADFC-B8BBF04D9089",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg550x-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADB1D69-CBDC-4045-A806-087878560EF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg550x-24p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "314F2981-1A9C-4156-98CC-62C6A71AA053",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg550x-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81B88075-F579-492C-B87C-5E4291D269B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg550x-24mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "912253A6-3180-43BB-9D56-0DB7DB42065D",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg550x-24mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "605B8DE5-56EB-4FFF-BC04-1B3A38762727",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg550x-24mpp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72B077BF-70D4-427A-A4D9-18D0D755480E",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg550x-24mpp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C940275E-41A8-470D-AD97-AB6EC5A75CEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg550x-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B33A623-1F6C-4BC6-9E09-6590F45CEA5F",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg550x-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "235AAB5A-9D0A-4864-89E2-D69D1D8A79D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg550x-48p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "628B557D-2FE9-49E7-A47F-1EE150DEE74A",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg550x-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "967DCE55-B7D5-4D63-9693-B42FAA9243B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sg550x-48mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51E59E26-20EA-409B-99BE-0437425BA179",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sg550x-48mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA6BED3-2564-4A7C-91DC-F843E301A35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf550x-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80C6A8B5-E26B-43AD-A32C-3A7E2BA0F4CB",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf550x-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F53C2EAA-CD47-4D76-BBC6-C59D531AB1D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf550x-24p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32AC8E8E-4496-4DEC-94CA-AFFAEE2BC485",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf550x-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDF26D7-B3B5-47CA-94E9-B14BEFE02318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf550x-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3EF6D3-A329-48AB-A92A-0F5B9C6C6F2E",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf550x-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C374EB87-A4C6-43FB-B42E-DEA973375EC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf550x-48p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38BF0C89-07C4-43CF-85AD-01ECC8FBFE2C",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf550x-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "903E59DA-DE59-4CD4-BE32-B91DDA1DA07D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sf550x-48mp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A96FF9C-4A6A-45C8-A265-0E34D506EEE4",
"versionEndIncluding": "2.5.0.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sf550x-48mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6AFC45-9ECC-4D4A-80BF-20F49C83A57A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Small Business Smart and Managed Switches, podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por parte del usuario mediante la interfaz de administraci\u00f3n basada en web del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic en un enlace malicioso y acceda a una p\u00e1gina espec\u00edfica. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"id": "CVE-2020-3121",
"lastModified": "2024-11-21T05:30:22.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-26T05:15:17.397",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-3121
Vulnerability from cvelistv5
Published
2020-01-26 04:31
Modified
2024-11-15 17:45
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco 550X Series Stackable Managed Switches |
Version: unspecified < n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:29:56.727357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:45:38.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco 550X Series Stackable Managed Switches",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T04:31:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
}
],
"source": {
"advisory": "cisco-sa-20200122-sbsms-xss",
"defect": [
[
"CSCvs09313"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00-0800",
"ID": "CVE-2020-3121",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco 550X Series Stackable Managed Switches",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-sbsms-xss",
"defect": [
[
"CSCvs09313"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3121",
"datePublished": "2020-01-26T04:31:22.955259Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:45:38.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}