#VU57107 Inclusion of Sensitive Information in Source Code in Cisco Small Business 220 Series Smart Switches


Published: 2021-10-07

Vulnerability identifier: #VU57107

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34757

CWE-ID: CWE-540

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco Small Business 220 Series Smart Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the use of a static password. An administrator with physical access can obtain and reconfigure user account passwords.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Cisco Small Business 220 Series Smart Switches: 1.2.0.6


External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

