CVE-2021-34739— Cisco Small Business Series Switches Session Credentials Replay Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-34739
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Small Business Series Switches Session Credentials Replay Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的会话过期机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Small Business 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Small Business是美国思科(Cisco)公司的一个交换机。 Cisco Small Business 存在代码问题漏洞,该漏洞是由于思科交换机的会话据证验证机制导致。攻击者可利用该漏洞重放有效的用户会话凭据,在未经授权的情况下登录web管理界面。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches | n/a | - |
II. Public POCs for CVE-2021-34739
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-34739
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5vendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-34739
Same Patch Batch · Cisco · 2021-11-04 · 18 CVEs total
| CVE-2021-34795 | 10.0 CRITICAL | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities |
| CVE-2021-40112 | 10.0 CRITICAL | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities |
| CVE-2021-40113 | 10.0 CRITICAL | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities |
| CVE-2021-40119 | 9.8 CRITICAL | Cisco Policy Suite Static SSH Keys Vulnerability |
| CVE-2021-34741 | 7.5 HIGH | Cisco Email Security Appliance Denial of Service Vulnerability |
| CVE-2021-40124 | 6.7 MEDIUM | Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Pri |
| CVE-2021-34773 | 6.5 MEDIUM | Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2021-40120 | 6.5 MEDIUM | Cisco Small Business RV Series Routers Command Injection Vulnerability |
| CVE-2021-40115 | 6.1 MEDIUM | Cisco Webex Video Mesh Cross-Site Scripting Vulnerability |
| CVE-2021-1500 | 5.4 MEDIUM | Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability |
| CVE-2021-34784 | 5.4 MEDIUM | Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scri |
| CVE-2021-40128 | 5.3 MEDIUM | Cisco Webex Meetings Email Content Injection Vulnerability |
| CVE-2021-40127 | 5.3 MEDIUM | Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Deni |
| CVE-2021-34774 | 4.9 MEDIUM | Cisco Common Services Platform Collector Information Disclosure Vulnerability |
| CVE-2021-34731 | 4.8 MEDIUM | Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability |
| CVE-2021-40126 | 4.3 MEDIUM | Cisco Umbrella Email Enumeration Vulnerability |
| CVE-2021-34701 | 4.3 MEDIUM | Cisco Unified Communications Products Path Traversal Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco Small Business Smart and Managed Switches
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-613
- CVE-2026-41902
FreeScout's user invitation hash never expires: permanent un - CVE-2026-41519
Weblate's API Token Not Invalidated on Password Change - CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-40934
jupyter-server authentication cookies remain valid after pas - CVE-2026-42421
OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shar
V. Comments for CVE-2021-34739
No comments yet