Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr | Patch Vendor Advisory |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
21 Nov 2024, 06:23
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 10.0 |
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr - Patch, Vendor Advisory |
Information
Published : 2021-11-04 16:15
Updated : 2024-11-21 06:23
NVD link : CVE-2021-40112
Mitre link : CVE-2021-40112
CVE.ORG link : CVE-2021-40112
JSON object : View
Products Affected
cisco
- catalyst_pon_switch_cgp-ont-4pv_firmware
- catalyst_pon_switch_cgp-ont-4tvcw
- catalyst_pon_switch_cgp-ont-1p_firmware
- catalyst_pon_switch_cgp-ont-4p_firmware
- catalyst_pon_switch_cgp-ont-1p
- catalyst_pon_switch_cgp-ont-4pvc_firmware
- catalyst_pon_switch_cgp-ont-4pv
- catalyst_pon_switch_cgp-ont-4pvc
- catalyst_pon_switch_cgp-ont-4p
- catalyst_pon_switch_cgp-ont-4tvcw_firmware
CWE