CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-40113

CVSS 10.0v3.1pub. 2021-11-04upd. 2024-11-21

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Catalyst Pon Switch Cgp Ont 1p

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 1p Firmware

    OS
    Cisco
    < 1.1.1.14
  • Cisco Catalyst Pon Switch Cgp Ont 4p

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4p Firmware

    OS
    Cisco
    < 1.1.3.17
  • Cisco Catalyst Pon Switch Cgp Ont 4pv

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4pvc

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4pvc Firmware

    OS
    Cisco
    < 1.1.3.17
  • Cisco Catalyst Pon Switch Cgp Ont 4pv Firmware

    OS
    Cisco
    < 1.1.3.17
  • Cisco Catalyst Pon Switch Cgp Ont 4tvcw

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst Pon Switch Cgp Ont 4tvcw Firmware

    OS
    Cisco
    < 1.1.3.17
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-34795CRITICAL10.0ten sam produkt

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (...

CVE-2021-40112CRITICAL10.0ten sam produkt

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (...

CVE-2026-20182CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym

CVE-2026-20131CRITICAL10.0⚠ KEVPL ✓ten sam vendor

RCE przez insecure deserialization w Cisco Secure Firewall Management Center

CVE-2026-20127CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień