CVE-2021-40127

MEDIUM

Cisco Small Business 200/300/500 Series Switches - Unauthenticated Denial of Service via HTTP Request

Description

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition.

Scores

CVSS v3: 5.3
EPSS: 0.0015
EPSS Percentile: 35.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-20
Status: published
Products (50)
cisco/sf200-24_firmware
cisco/sf200-24fp_firmware
cisco/sf200-24p_firmware
cisco/sf200-48_firmware
cisco/sf200-48p_firmware
cisco/sf200e-24_firmware
cisco/sf200e-24p_firmware
cisco/sf200e-48_firmware
cisco/sf200e-48p_firmware
cisco/sf300-08_firmware 1.4.11.02
... and 40 more
Published: Nov 04, 2021
Tracked Since: Feb 18, 2026