CVE-2020-3297: Cisco Small Business Smart and Managed Switches Session Management Vulnerability
First published: Thu Jul 02 2020(Updated: )
A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Sg250x-24 Firmware | <2.5.5.47 | |
| Cisco Sg250x-24 | ||
| Cisco Sg250x-24p Firmware | <2.5.5.47 | |
| Cisco Sg250x-24p | ||
| Cisco Sg250x-48 Firmware | <2.5.5.47 | |
| Cisco Sg250x-48 | ||
| Cisco Sg250x-48p Firmware | <2.5.5.47 | |
| Cisco Sg250x-48p | ||
| Cisco Sg250-08 Firmware | <2.5.5.47 | |
| Cisco Sg250-08 | ||
| Cisco Sg250-08hp Firmware | <2.5.5.47 | |
| Cisco Sg250-08hp | ||
| Cisco Sg250-10p Firmware | <2.5.5.47 | |
| Cisco Sg250-10p | ||
| Cisco Sg250-18 Firmware | <2.5.5.47 | |
| Cisco Sg250-18 | ||
| Cisco Sg250-26 Firmware | <2.5.5.47 | |
| Cisco Sg250-26 | ||
| Cisco Sg250-26hp Firmware | <2.5.5.47 | |
| Cisco Sg250-26hp | ||
| Cisco Sg250-26p Firmware | <2.5.5.47 | |
| Cisco Sg250-26p | ||
| Cisco Sg250-50 Firmware | <2.5.5.47 | |
| Cisco Sg250-50 | ||
| Cisco Sg250-50hp Firmware | <2.5.5.47 | |
| Cisco Sg250-50hp | ||
| Cisco Sg250-50p Firmware | <2.5.5.47 | |
| Cisco Sg250-50p | ||
| Cisco Sf250-24 Firmware | <2.5.5.47 | |
| Cisco Sf250-24 | ||
| Cisco Sf250-24p Firmware | <2.5.5.47 | |
| Cisco Sf250-24p | ||
| Cisco Sf250-48 Firmware | <2.5.5.47 | |
| Cisco Sf250-48 | ||
| Cisco Sf250-48hp Firmware | <2.5.5.47 | |
| Cisco Sf250-48hp | ||
| Cisco Sg350-10 Firmware | <2.5.5.47 | |
| Cisco Sg350-10 | ||
| Cisco Sg350-10p Firmware | <2.5.5.47 | |
| Cisco Sg350-10p | ||
| Cisco Sg350-10mp Firmware | <2.5.5.47 | |
| Cisco Sg350-10mp | ||
| Cisco Sg355-10p Firmware | <2.5.5.47 | |
| Cisco Sg355-10p | ||
| Cisco Sg350-28 Firmware | <2.5.5.47 | |
| Cisco Sg350-28 | ||
| Cisco Sg350-28p Firmware | <2.5.5.47 | |
| Cisco Sg350-28p | ||
| Cisco Sg350-28mp Firmware | <2.5.5.47 | |
| Cisco Sg350-28mp | ||
| Cisco Sf350-48 Firmware | <2.5.5.47 | |
| Cisco Sf350-48 | ||
| Cisco Sf350-48p Firmware | <2.5.5.47 | |
| Cisco Sf350-48p | ||
| Cisco Sf350-48mp Firmware | <2.5.5.47 | |
| Cisco Sf350-48mp | ||
| Cisco Sg350xg-2f10 Firmware | <2.5.5.47 | |
| Cisco Sg350xg-2f10 | ||
| Cisco Sg350xg-24f Firmware | <2.5.5.47 | |
| Cisco Sg350xg-24f | ||
| Cisco Sg350xg-24t Firmware | <2.5.5.47 | |
| Cisco Sg350xg-24t | ||
| Cisco Sg350xg-48t Firmware | <2.5.5.47 | |
| Cisco Sg350xg-48t | ||
| Cisco Sg350x-24 Firmware | <2.5.5.47 | |
| Cisco Sg350x-24 | ||
| Cisco Sg350x-24p Firmware | <2.5.5.47 | |
| Cisco Sg350x-24p | ||
| Cisco Sg350x-24mp Firmware | <2.5.5.47 | |
| Cisco Sg350x-24mp | ||
| Cisco Sg350x-48 Firmware | <2.5.5.47 | |
| Cisco Sg350x-48 | ||
| Cisco Sg350x-48p Firmware | <2.5.5.47 | |
| Cisco Sg350x-48p | ||
| Cisco Sg350x-48mp Firmware | <2.5.5.47 | |
| Cisco Sg350x-48mp | ||
| Cisco Sx550x-16ft Firmware | <2.5.5.47 | |
| Cisco Sx550x-16ft | ||
| Cisco Sx550x-24ft Firmware | <2.5.5.47 | |
| Cisco Sx550x-24ft | ||
| Cisco Sx550x-12f Firmware | <2.5.5.47 | |
| Cisco Sx550x-12f | ||
| Cisco Sx550x-24f Firmware | <2.5.5.47 | |
| Cisco Sx550x-24f | ||
| Cisco Sx550x-24 Firmware | <2.5.5.47 | |
| Cisco Sx550x-24 | ||
| Cisco Sx550x-52 Firmware | <2.5.5.47 | |
| Cisco Sx550x-52 | ||
| Cisco Sg550x-24 Firmware | <2.5.5.47 | |
| Cisco Sg550x-24 | ||
| Cisco Sg550x-24p Firmware | <2.5.5.47 | |
| Cisco Sg550x-24p | ||
| Cisco Sg550x-24mp Firmware | <2.5.5.47 | |
| Cisco Sg550x-24mp | ||
| Cisco Sg550x-24mpp Firmware | <2.5.5.47 | |
| Cisco Sg550x-24mpp | ||
| Cisco Sg550x-48 Firmware | <2.5.5.47 | |
| Cisco Sg550x-48 | ||
| Cisco Sg550x-48p Firmware | <2.5.5.47 | |
| Cisco Sg550x-48p | ||
| Cisco Sg550x-48mp Firmware | <2.5.5.47 | |
| Cisco Sg550x-48mp | ||
| Cisco Sf550x-24 Firmware | <2.5.5.47 | |
| Cisco Sf550x-24 | ||
| Cisco Sf550x-24p Firmware | <2.5.5.47 | |
| Cisco Sf550x-24p | ||
| Cisco Sf550x-24mp Firmware | <2.5.5.47 | |
| Cisco Sf550x-24mp | ||
| Cisco Sf550x-48 Firmware | <2.5.5.47 | |
| Cisco Sf550x-48 | ||
| Cisco Sf550x-48p Firmware | <2.5.5.47 | |
| Cisco Sf550x-48p | ||
| Cisco Sf550x-48mp Firmware | <2.5.5.47 | |
| Cisco Sf550x-48mp | ||
| Cisco Sf200-24 Firmware | ||
| Cisco Sf200-24 | ||
| Cisco Sf200-24fp Firmware | ||
| Cisco Sf200-24fp | ||
| Cisco Sf200-24p Firmware | ||
| Cisco Sf200-24p | ||
| Cisco Sf200-48 Firmware | ||
| Cisco Sf200-48 | ||
| Cisco Sf200-48p Firmware | ||
| Cisco Sf200-48p | ||
| Cisco Sf200e-24 Firmware | ||
| Cisco Sf200e-24 | ||
| Cisco Sf200e-24p Firmware | ||
| Cisco Sf200e-24p | ||
| Cisco Sf200e-48 Firmware | ||
| Cisco Sf200e-48 | ||
| Cisco Sf200e-48p Firmware | ||
| Cisco Sf200e-48p | ||
| Cisco Sg200-08 Firmware | ||
| Cisco Sg200-08 | ||
| Cisco Sg200-08p Firmware | ||
| Cisco Sg200-08p | ||
| Cisco Sg200-10fp Firmware | ||
| Cisco Sg200-10fp | ||
| Cisco Sg200-18 Firmware | ||
| Cisco Sg200-18 | ||
| Cisco Sg200-26 Firmware | ||
| Cisco Sg200-26 | ||
| Cisco Sg200-26fp Firmware | ||
| Cisco Sg200-26fp | ||
| Cisco Sg200-26p Firmware | ||
| Cisco Sg200-26p | ||
| Cisco Sg200-50 Firmware | ||
| Cisco Sg200-50 | ||
| Cisco Sg200-50fp Firmware | ||
| Cisco Sg200-50fp | ||
| Cisco Sg200-50p Firmware | ||
| Cisco Sg200-50p | ||
| Cisco Sf302-08pp Firmware | ||
| Cisco Sf302-08pp | ||
| Cisco Sf302-08mpp Firmware | ||
| Cisco Sf302-08mpp | ||
| Cisco Sg300-10pp Firmware | ||
| Cisco Sg300-10pp | ||
| Cisco Sg300-10mpp Firmware | ||
| Cisco Sg300-10mpp | ||
| Cisco Sf300-24pp Firmware | ||
| Cisco Sf300-24pp | ||
| Cisco Sf300-48pp Firmware | ||
| Cisco Sf300-48pp | ||
| Cisco Sg300-28pp Firmware | ||
| Cisco Sg300-28pp | ||
| Cisco Sf300-08 Firmware | ||
| Cisco Sf300-08 | ||
| Cisco Sf300-48p Firmware | ||
| Cisco Sf300-48p | ||
| Cisco Sg300-10mp Firmware | ||
| Cisco Sg300-10mp | ||
| Cisco Sg300-10p Firmware | ||
| Cisco Sg300-10p | ||
| Cisco Sg300-10 Firmware | ||
| Cisco Sg300-10 | ||
| Cisco Sg300-28p Firmware | ||
| Cisco Sg300-28p | ||
| Cisco Sf300-24p Firmware | ||
| Cisco Sf300-24p | ||
| Cisco Sf302-08mp Firmware | ||
| Cisco Sf302-08mp | ||
| Cisco Sg300-28 Firmware | ||
| Cisco Sg300-28 | ||
| Cisco Sf300-48 Firmware | ||
| Cisco Sf300-48 | ||
| Cisco Sg300-20 Firmware | ||
| Cisco Sg300-20 | ||
| Cisco Sf302-08p Firmware | ||
| Cisco Sf302-08p | ||
| Cisco Sg300-52 Firmware | ||
| Cisco Sg300-52 | ||
| Cisco Sf300-24 Firmware | ||
| Cisco Sf300-24 | ||
| Cisco Sf302-08 Firmware | ||
| Cisco Sf302-08 | ||
| Cisco Sf300-24mp Firmware | ||
| Cisco Sf300-24mp | ||
| Cisco Sg300-10sfp Firmware | ||
| Cisco Sg300-10sfp | ||
| Cisco Sg300-28mp Firmware | ||
| Cisco Sg300-28mp | ||
| Cisco Sg300-52p Firmware | ||
| Cisco Sg300-52p | ||
| Cisco Sg300-52mp Firmware | ||
| Cisco Sg300-52mp | ||
| Cisco Sg500-28mpp Firmware | ||
| Cisco Sg500-28mpp | ||
| Cisco Sg500-52mp Firmware | ||
| Cisco Sg500-52mp | ||
| Cisco Sg500xg-8f8t Firmware | ||
| Cisco Sg500xg-8f8t | ||
| Cisco Sf500-24 Firmware | ||
| Cisco Sf500-24 | ||
| Cisco Sf500-24p Firmware | ||
| Cisco Sf500-24p | ||
| Cisco Sf500-48 Firmware | ||
| Cisco Sf500-48 | ||
| Cisco Sf500-48p Firmware | ||
| Cisco Sf500-48p | ||
| Cisco Sg500-28 Firmware | ||
| Cisco Sg500-28 | ||
| Cisco Sg500-28p Firmware | ||
| Cisco Sg500-28p | ||
| Cisco Sg500-52 Firmware | ||
| Cisco Sg500-52 | ||
| Cisco Sg500-52p Firmware | ||
| Cisco Sg500-52p | ||
| Cisco Sg500x-24 Firmware | ||
| Cisco Sg500x-24 | ||
| Cisco Sg500x-24p Firmware | ||
| Cisco Sg500x-24p | ||
| Cisco Sg500x-48 Firmware | ||
| Cisco Sg500x-48 | ||
| Cisco Sg500x-48p Firmware | ||
| Cisco Sg500x-48p |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco sg250x-24 firmware
- canonical/cisco sg250x-24
- canonical/cisco sg250x-24p firmware
- canonical/cisco sg250x-24p
- canonical/cisco sg250x-48 firmware
- canonical/cisco sg250x-48
- canonical/cisco sg250x-48p firmware
- canonical/cisco sg250x-48p
- canonical/cisco sg250-08 firmware
- canonical/cisco sg250-08
- canonical/cisco sg250-08hp firmware
- canonical/cisco sg250-08hp
- canonical/cisco sg250-10p firmware
- canonical/cisco sg250-10p
- canonical/cisco sg250-18 firmware
- canonical/cisco sg250-18
- canonical/cisco sg250-26 firmware
- canonical/cisco sg250-26
- canonical/cisco sg250-26hp firmware
- canonical/cisco sg250-26hp
- canonical/cisco sg250-26p firmware
- canonical/cisco sg250-26p
- canonical/cisco sg250-50 firmware
- canonical/cisco sg250-50
- canonical/cisco sg250-50hp firmware
- canonical/cisco sg250-50hp
- canonical/cisco sg250-50p firmware
- canonical/cisco sg250-50p
- canonical/cisco sf250-24 firmware
- canonical/cisco sf250-24
- canonical/cisco sf250-24p firmware
- canonical/cisco sf250-24p
- canonical/cisco sf250-48 firmware
- canonical/cisco sf250-48
- canonical/cisco sf250-48hp firmware
- canonical/cisco sf250-48hp
- canonical/cisco sg350-10 firmware
- canonical/cisco sg350-10
- canonical/cisco sg350-10p firmware
- canonical/cisco sg350-10p
- canonical/cisco sg350-10mp firmware
- canonical/cisco sg350-10mp
- canonical/cisco sg355-10p firmware
- canonical/cisco sg355-10p
- canonical/cisco sg350-28 firmware
- canonical/cisco sg350-28
- canonical/cisco sg350-28p firmware
- canonical/cisco sg350-28p
- canonical/cisco sg350-28mp firmware
- canonical/cisco sg350-28mp
- canonical/cisco sf350-48 firmware
- canonical/cisco sf350-48
- canonical/cisco sf350-48p firmware
- canonical/cisco sf350-48p
- canonical/cisco sf350-48mp firmware
- canonical/cisco sf350-48mp
- canonical/cisco sg350xg-2f10 firmware
- canonical/cisco sg350xg-2f10
- canonical/cisco sg350xg-24f firmware
- canonical/cisco sg350xg-24f
- canonical/cisco sg350xg-24t firmware
- canonical/cisco sg350xg-24t
- canonical/cisco sg350xg-48t firmware
- canonical/cisco sg350xg-48t
- canonical/cisco sg350x-24 firmware
- canonical/cisco sg350x-24
- canonical/cisco sg350x-24p firmware
- canonical/cisco sg350x-24p
- canonical/cisco sg350x-24mp firmware
- canonical/cisco sg350x-24mp
- canonical/cisco sg350x-48 firmware
- canonical/cisco sg350x-48
- canonical/cisco sg350x-48p firmware
- canonical/cisco sg350x-48p
- canonical/cisco sg350x-48mp firmware
- canonical/cisco sg350x-48mp
- canonical/cisco sx550x-16ft firmware
- canonical/cisco sx550x-16ft
- canonical/cisco sx550x-24ft firmware
- canonical/cisco sx550x-24ft
- canonical/cisco sx550x-12f firmware
- canonical/cisco sx550x-12f
- canonical/cisco sx550x-24f firmware
- canonical/cisco sx550x-24f
- canonical/cisco sx550x-24 firmware
- canonical/cisco sx550x-24
- canonical/cisco sx550x-52 firmware
- canonical/cisco sx550x-52
- canonical/cisco sg550x-24 firmware
- canonical/cisco sg550x-24
- canonical/cisco sg550x-24p firmware
- canonical/cisco sg550x-24p
- canonical/cisco sg550x-24mp firmware
- canonical/cisco sg550x-24mp
- canonical/cisco sg550x-24mpp firmware
- canonical/cisco sg550x-24mpp
- canonical/cisco sg550x-48 firmware
- canonical/cisco sg550x-48
- canonical/cisco sg550x-48p firmware
- canonical/cisco sg550x-48p
- canonical/cisco sg550x-48mp firmware
- canonical/cisco sg550x-48mp
- canonical/cisco sf550x-24 firmware
- canonical/cisco sf550x-24
- canonical/cisco sf550x-24p firmware
- canonical/cisco sf550x-24p
- canonical/cisco sf550x-24mp firmware
- canonical/cisco sf550x-24mp
- canonical/cisco sf550x-48 firmware
- canonical/cisco sf550x-48
- canonical/cisco sf550x-48p firmware
- canonical/cisco sf550x-48p
- canonical/cisco sf550x-48mp firmware
- canonical/cisco sf550x-48mp
- canonical/cisco sf200-24 firmware
- canonical/cisco sf200-24
- canonical/cisco sf200-24fp firmware
- canonical/cisco sf200-24fp
- canonical/cisco sf200-24p firmware
- canonical/cisco sf200-24p
- canonical/cisco sf200-48 firmware
- canonical/cisco sf200-48
- canonical/cisco sf200-48p firmware
- canonical/cisco sf200-48p
- canonical/cisco sf200e-24 firmware
- canonical/cisco sf200e-24
- canonical/cisco sf200e-24p firmware
- canonical/cisco sf200e-24p
- canonical/cisco sf200e-48 firmware
- canonical/cisco sf200e-48
- canonical/cisco sf200e-48p firmware
- canonical/cisco sf200e-48p
- canonical/cisco sg200-08 firmware
- canonical/cisco sg200-08
- canonical/cisco sg200-08p firmware
- canonical/cisco sg200-08p
- canonical/cisco sg200-10fp firmware
- canonical/cisco sg200-10fp
- canonical/cisco sg200-18 firmware
- canonical/cisco sg200-18
- canonical/cisco sg200-26 firmware
- canonical/cisco sg200-26
- canonical/cisco sg200-26fp firmware
- canonical/cisco sg200-26fp
- canonical/cisco sg200-26p firmware
- canonical/cisco sg200-26p
- canonical/cisco sg200-50 firmware
- canonical/cisco sg200-50
- canonical/cisco sg200-50fp firmware
- canonical/cisco sg200-50fp
- canonical/cisco sg200-50p firmware
- canonical/cisco sg200-50p
- canonical/cisco sf302-08pp firmware
- canonical/cisco sf302-08pp
- canonical/cisco sf302-08mpp firmware
- canonical/cisco sf302-08mpp
- canonical/cisco sg300-10pp firmware
- canonical/cisco sg300-10pp
- canonical/cisco sg300-10mpp firmware
- canonical/cisco sg300-10mpp
- canonical/cisco sf300-24pp firmware
- canonical/cisco sf300-24pp
- canonical/cisco sf300-48pp firmware
- canonical/cisco sf300-48pp
- canonical/cisco sg300-28pp firmware
- canonical/cisco sg300-28pp
- canonical/cisco sf300-08 firmware
- canonical/cisco sf300-08
- canonical/cisco sf300-48p firmware
- canonical/cisco sf300-48p
- canonical/cisco sg300-10mp firmware
- canonical/cisco sg300-10mp
- canonical/cisco sg300-10p firmware
- canonical/cisco sg300-10p
- canonical/cisco sg300-10 firmware
- canonical/cisco sg300-10
- canonical/cisco sg300-28p firmware
- canonical/cisco sg300-28p
- canonical/cisco sf300-24p firmware
- canonical/cisco sf300-24p
- canonical/cisco sf302-08mp firmware
- canonical/cisco sf302-08mp
- canonical/cisco sg300-28 firmware
- canonical/cisco sg300-28
- canonical/cisco sf300-48 firmware
- canonical/cisco sf300-48
- canonical/cisco sg300-20 firmware
- canonical/cisco sg300-20
- canonical/cisco sf302-08p firmware
- canonical/cisco sf302-08p
- canonical/cisco sg300-52 firmware
- canonical/cisco sg300-52
- canonical/cisco sf300-24 firmware
- canonical/cisco sf300-24
- canonical/cisco sf302-08 firmware
- canonical/cisco sf302-08
- canonical/cisco sf300-24mp firmware
- canonical/cisco sf300-24mp
- canonical/cisco sg300-10sfp firmware
- canonical/cisco sg300-10sfp
- canonical/cisco sg300-28mp firmware
- canonical/cisco sg300-28mp
- canonical/cisco sg300-52p firmware
- canonical/cisco sg300-52p
- canonical/cisco sg300-52mp firmware
- canonical/cisco sg300-52mp
- canonical/cisco sg500-28mpp firmware
- canonical/cisco sg500-28mpp
- canonical/cisco sg500-52mp firmware
- canonical/cisco sg500-52mp
- canonical/cisco sg500xg-8f8t firmware
- canonical/cisco sg500xg-8f8t
- canonical/cisco sf500-24 firmware
- canonical/cisco sf500-24
- canonical/cisco sf500-24p firmware
- canonical/cisco sf500-24p
- canonical/cisco sf500-48 firmware
- canonical/cisco sf500-48
- canonical/cisco sf500-48p firmware
- canonical/cisco sf500-48p
- canonical/cisco sg500-28 firmware
- canonical/cisco sg500-28
- canonical/cisco sg500-28p firmware
- canonical/cisco sg500-28p
- canonical/cisco sg500-52 firmware
- canonical/cisco sg500-52
- canonical/cisco sg500-52p firmware
- canonical/cisco sg500-52p
- canonical/cisco sg500x-24 firmware
- canonical/cisco sg500x-24
- canonical/cisco sg500x-24p firmware
- canonical/cisco sg500x-24p
- canonical/cisco sg500x-48 firmware
- canonical/cisco sg500x-48
- canonical/cisco sg500x-48p firmware
- canonical/cisco sg500x-48p