Cyber Resilience

CVE-2021-34780

Medium

Published: 06 October 2021

Modified: 21 November 2024
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0014 (33.8th percentile)
Risk Priority: 9 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-34780 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Cisco Business 220-8T-E-2G Firmware. Its CVSS base score is 4.3 (Medium).

Operationally, its EPSS score ranks at the 33.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: cisco. Affected versions: ≤ 1.2.0.6 for each of the following products:
business 220-8t-e-2g firmware
business 220-8p-e-2g firmware
business 220-8fp-e-2g firmware
business 220-16t-2g firmware
business 220-16p-2g firmware
business 220-24t-4g firmware
business 220-24p-4g firmware
business 220-24fp-4g firmware
business 220-48t-4g firmware
business 220-48p-4g firmware
+6 more product configuration(s); see NVD for the full list

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-120: Platform-independent managed code eliminates the need for the unchecked native buffer copies that are the root cause of classic buffer overflows. For the affected switches this control applies only to the vendor's own code base; operators address the weakness by applying the firmware updates Cisco has released.
