CVE-2020-3121: Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
First published: Sun Jan 26 2020(Updated: )
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SG250X-24P Firmware | <=2.5.0.90 | |
| Cisco SG250X-24 | ||
| Cisco SG250X-24P Firmware | <=2.5.0.90 | |
| Cisco SG250X-24P Firmware | ||
| Cisco SG250X-48P Firmware | <=2.5.0.90 | |
| Cisco SG250X-48 Firmware | ||
| Cisco SG250X-48P Firmware | <=2.5.0.90 | |
| Cisco SG250X-48P Firmware | ||
| Cisco SG250-08HP Firmware | <=2.5.0.90 | |
| Cisco SG250-08 | ||
| Cisco SG250-08HP Firmware | <=2.5.0.90 | |
| Cisco SG250-08HP | ||
| Cisco SG250-10P Firmware | <=2.5.0.90 | |
| Cisco SG250-10P | ||
| Cisco SG250-18 Firmware | <=2.5.0.90 | |
| Cisco SG250-18 | ||
| Cisco SG250-26HP Firmware | <=2.5.0.90 | |
| Cisco SG250-26 Firmware | ||
| Cisco SG250-26HP Firmware | <=2.5.0.90 | |
| Cisco SG250-26HP Firmware | ||
| Cisco SG250-26P Firmware | <=2.5.0.90 | |
| Cisco SG250-26P Firmware | ||
| Cisco SG250-50P Firmware | <=2.5.0.90 | |
| Cisco SG250-50P Firmware | ||
| Cisco SG250-50HP Firmware | <=2.5.0.90 | |
| Cisco SG250-50HP Firmware | ||
| Cisco SG250-50P Firmware | <=2.5.0.90 | |
| Cisco SG250-50P Firmware | ||
| Cisco SG250-24 Firmware | <=2.5.0.90 | |
| Cisco SG250-24 Firmware | ||
| Cisco SG250-24P Firmware | <=2.5.0.90 | |
| Cisco SG250-24P Firmware | ||
| Cisco SG250-48 Firmware | <=2.5.0.90 | |
| Cisco SG250-48 Firmware | ||
| Cisco SG250-48HP Firmware | <=2.5.0.90 | |
| Cisco SG250-48HP Firmware | ||
| Cisco SF350-48 Firmware | <=2.5.0.90 | |
| Cisco SF350-48P Firmware | ||
| Cisco SF350-48P Firmware | <=2.5.0.90 | |
| Cisco SF350-48P Firmware | ||
| Cisco SF350-48MP Firmware | <=2.5.0.90 | |
| Cisco SF350-48MP Firmware | ||
| Cisco SG350-10 Firmware | <=2.5.0.90 | |
| Cisco SG350-10P | ||
| Cisco SG350-10P | <=2.5.0.90 | |
| Cisco SG350-10P | ||
| Cisco SG350-10MP Firmware | <=2.5.0.90 | |
| Cisco SG350-10MP | ||
| Cisco SG355-10MP Firmware | <=2.5.0.90 | |
| Cisco SG355-10MP Firmware | ||
| Cisco SG350-28 Firmware | <=2.5.0.90 | |
| Cisco SG350-28 | ||
| Cisco SG350-28P Firmware | <=2.5.0.90 | |
| Cisco SG350-28P | ||
| Cisco SG350-28MP Firmware | <=2.5.0.90 | |
| Cisco SG350-28MP | ||
| Cisco SX550X-16FT Firmware | <=2.5.0.90 | |
| Cisco SX550X-16FT | ||
| Cisco SX550X-24FT Firmware | <=2.5.0.90 | |
| Cisco SX550X-24FT | ||
| Cisco Sx550x-12ft Firmware | <=2.5.0.90 | |
| Cisco Sx550x-12ft | ||
| Cisco SX550X-24FT Firmware | <=2.5.0.90 | |
| Cisco SX550X-24 | ||
| Cisco SX550X-52 Firmware | <=2.5.0.90 | |
| Cisco SX550X-52 | ||
| Cisco SG550X-24 Firmware | <=2.5.0.90 | |
| Cisco SG550X-24 Firmware | ||
| Cisco SG550X-24P Firmware | <=2.5.0.90 | |
| Cisco SG550X-24P Firmware | ||
| Cisco SG550X-24MP Firmware | <=2.5.0.90 | |
| Cisco SG550X-24MP | ||
| Cisco SG550X-24MPP Firmware | <=2.5.0.90 | |
| Cisco SG550X-24MPP | ||
| Cisco SG550X-48MP Firmware | <=2.5.0.90 | |
| Cisco SG550X-48T | ||
| Cisco SG550X-48P Firmware | <=2.5.0.90 | |
| Cisco SG550X-48P | ||
| Cisco SG550X-48MP Firmware | <=2.5.0.90 | |
| Cisco SG550X-48MP | ||
| Cisco SF550X-24 Firmware | <=2.5.0.90 | |
| Cisco SF550X-24 Firmware | ||
| Cisco SF550X-24P Firmware | <=2.5.0.90 | |
| Cisco SF550X-24P | ||
| Cisco SF550X-48 Firmware | <=2.5.0.90 | |
| Cisco SF550X-48 | ||
| Cisco SF550X-48P Firmware | <=2.5.0.90 | |
| Cisco SG550X-48P | ||
| Cisco SG550X-48MP Firmware | <=2.5.0.90 | |
| Cisco SF550X-48MP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-3121?
The severity of CVE-2020-3121 is classified as medium due to its potential for Cross-Site Scripting (XSS) attacks.
How do I fix CVE-2020-3121?
To fix CVE-2020-3121, you should upgrade the affected Cisco Small Business Smart and Managed Switches firmware to versions beyond 2.5.0.90.
What devices are affected by CVE-2020-3121?
CVE-2020-3121 affects various Cisco products, including SG250, SG250X, SF350, SG350X, and Sx550 switch models running firmware version 2.5.0.90 or earlier.
Can CVE-2020-3121 be exploited remotely?
Yes, CVE-2020-3121 can be exploited remotely by an unauthenticated attacker through the web-based management interface.
What type of attack is associated with CVE-2020-3121?
CVE-2020-3121 is associated with Cross-Site Scripting (XSS) attacks, allowing attackers to execute arbitrary scripts in the user's browser.
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/title
- agent/author
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco sg250x-24p firmware
- version/cisco sg250x-24p firmware/2.5.0.90
- canonical/cisco sg250x-24
- canonical/cisco sg250x-48p firmware
- version/cisco sg250x-48p firmware/2.5.0.90
- canonical/cisco sg250x-48 firmware
- canonical/cisco sg250-08hp firmware
- version/cisco sg250-08hp firmware/2.5.0.90
- canonical/cisco sg250-08
- canonical/cisco sg250-08hp
- canonical/cisco sg250-10p firmware
- version/cisco sg250-10p firmware/2.5.0.90
- canonical/cisco sg250-10p
- canonical/cisco sg250-18 firmware
- version/cisco sg250-18 firmware/2.5.0.90
- canonical/cisco sg250-18
- canonical/cisco sg250-26hp firmware
- version/cisco sg250-26hp firmware/2.5.0.90
- canonical/cisco sg250-26 firmware
- canonical/cisco sg250-26p firmware
- version/cisco sg250-26p firmware/2.5.0.90
- canonical/cisco sg250-50p firmware
- version/cisco sg250-50p firmware/2.5.0.90
- canonical/cisco sg250-50hp firmware
- version/cisco sg250-50hp firmware/2.5.0.90
- canonical/cisco sg250-24 firmware
- version/cisco sg250-24 firmware/2.5.0.90
- canonical/cisco sg250-24p firmware
- version/cisco sg250-24p firmware/2.5.0.90
- canonical/cisco sg250-48 firmware
- version/cisco sg250-48 firmware/2.5.0.90
- canonical/cisco sg250-48hp firmware
- version/cisco sg250-48hp firmware/2.5.0.90
- canonical/cisco sf350-48 firmware
- version/cisco sf350-48 firmware/2.5.0.90
- canonical/cisco sf350-48p firmware
- version/cisco sf350-48p firmware/2.5.0.90
- canonical/cisco sf350-48mp firmware
- version/cisco sf350-48mp firmware/2.5.0.90
- canonical/cisco sg350-10 firmware
- version/cisco sg350-10 firmware/2.5.0.90
- canonical/cisco sg350-10p
- version/cisco sg350-10p/2.5.0.90
- canonical/cisco sg350-10mp firmware
- version/cisco sg350-10mp firmware/2.5.0.90
- canonical/cisco sg350-10mp
- canonical/cisco sg355-10mp firmware
- version/cisco sg355-10mp firmware/2.5.0.90
- canonical/cisco sg350-28 firmware
- version/cisco sg350-28 firmware/2.5.0.90
- canonical/cisco sg350-28
- canonical/cisco sg350-28p firmware
- version/cisco sg350-28p firmware/2.5.0.90
- canonical/cisco sg350-28p
- canonical/cisco sg350-28mp firmware
- version/cisco sg350-28mp firmware/2.5.0.90
- canonical/cisco sg350-28mp
- canonical/cisco sx550x-16ft firmware
- version/cisco sx550x-16ft firmware/2.5.0.90
- canonical/cisco sx550x-16ft
- canonical/cisco sx550x-24ft firmware
- version/cisco sx550x-24ft firmware/2.5.0.90
- canonical/cisco sx550x-24ft
- canonical/cisco sx550x-12ft firmware
- version/cisco sx550x-12ft firmware/2.5.0.90
- canonical/cisco sx550x-12ft
- canonical/cisco sx550x-24
- canonical/cisco sx550x-52 firmware
- version/cisco sx550x-52 firmware/2.5.0.90
- canonical/cisco sx550x-52
- canonical/cisco sg550x-24 firmware
- version/cisco sg550x-24 firmware/2.5.0.90
- canonical/cisco sg550x-24p firmware
- version/cisco sg550x-24p firmware/2.5.0.90
- canonical/cisco sg550x-24mp firmware
- version/cisco sg550x-24mp firmware/2.5.0.90
- canonical/cisco sg550x-24mp
- canonical/cisco sg550x-24mpp firmware
- version/cisco sg550x-24mpp firmware/2.5.0.90
- canonical/cisco sg550x-24mpp
- canonical/cisco sg550x-48mp firmware
- version/cisco sg550x-48mp firmware/2.5.0.90
- canonical/cisco sg550x-48t
- canonical/cisco sg550x-48p firmware
- version/cisco sg550x-48p firmware/2.5.0.90
- canonical/cisco sg550x-48p
- canonical/cisco sg550x-48mp
- canonical/cisco sf550x-24 firmware
- version/cisco sf550x-24 firmware/2.5.0.90
- canonical/cisco sf550x-24p firmware
- version/cisco sf550x-24p firmware/2.5.0.90
- canonical/cisco sf550x-24p
- canonical/cisco sf550x-48 firmware
- version/cisco sf550x-48 firmware/2.5.0.90
- canonical/cisco sf550x-48
- canonical/cisco sf550x-48p firmware
- version/cisco sf550x-48p firmware/2.5.0.90
- canonical/cisco sf550x-48mp