Vulnslist

find the latest Cisco vulnerabilities

Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

cisco-sa-catpon-multivulns-CE3DSYGr · Critical · Published · Updated

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2021-34795, CVE-2021-40112, CVE-2021-40113
Cisco Bug IDsCSCvz67097, CSCvz61943, CSCvz61948
CVSS ScoreBase 10.0
Base 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X
Base 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X
Base 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Catalyst PON Series

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2021-40113 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2021-40112 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2021-34795 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2021-40113 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2021-40112 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2021-34795 Cisco OpenVuln
Cisco Catalyst PON Series CVE-2021-40113 Cisco OpenVuln
Cisco Catalyst PON Series CVE-2021-40112 Cisco OpenVuln
Cisco Catalyst PON Series CVE-2021-34795 Cisco OpenVuln