CRITICAL✓ PATCH🇬🇧 English

CVE-2021-40112

CVSS 10.0v3.1pub. 2021-11-04upd. 2024-11-21

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Catalyst Pon Switch Cgp Ont 1p

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 1p Firmware

    OS
    Cisco
    < 1.1.1.14
  • Cisco Catalyst Pon Switch Cgp Ont 4p

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4p Firmware

    OS
    Cisco
    < 1.1.3.17
  • Cisco Catalyst Pon Switch Cgp Ont 4pv

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4pvc

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4pvc Firmware

    OS
    Cisco
    < 1.1.3.17
  • Cisco Catalyst Pon Switch Cgp Ont 4pv Firmware

    OS
    Cisco
    < 1.1.3.17
  • Cisco Catalyst Pon Switch Cgp Ont 4tvcw

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4tvcw Firmware

    OS
    Cisco
    < 1.1.3.17
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-34795CRITICAL10.0ten sam produkt

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (...

CVE-2021-40113CRITICAL10.0ten sam produkt

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (...

CVE-2026-20182CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym

CVE-2026-20131CRITICAL10.0⚠ KEVPL ✓ten sam vendor

RCE przez insecure deserialization w Cisco Secure Firewall Management Center

CVE-2026-20127CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień