high
8.1
CWE
613
Advisory Published
Updated

CVE-2021-34739: Cisco Small Business Series Switches Session Credentials Replay Vulnerability

First published: Thu Nov 04 2021(Updated: )

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco SF250-24 Firmware<=2.5
Cisco SF250-24 Firmware
Cisco SF250-24P Firmware<=2.5
Cisco SF250-24P Firmware
Cisco SF250-48<=2.5
Cisco SF250-48HP Firmware
Cisco SF250-48HP Firmware<=2.5
Cisco SF250-48HP Firmware
Cisco SF250-08 Firmware<=2.5
Cisco SF250-08 Firmware
Cisco SF250-08HP<=2.5
Cisco SF250-08HP Firmware
Cisco SF250-10P<=2.5
Cisco SF250-10P Firmware
Cisco SF250-18 Firmware<=2.5
Cisco SF250-18 Firmware
Cisco SF250-26 Firmware<=2.5
Cisco SF250-26P
Cisco SF250-26HP Firmware<=2.5
Cisco SF250-26HP Firmware
Cisco SF250-26P Firmware<=2.5
Cisco SF250-26P Firmware
Cisco SF250-50P Firmware<=2.5
Cisco SF250-50P Firmware
Cisco SF250-50HP Firmware<=2.5
Cisco SF250-50HP Firmware
Cisco SF250-50P Firmware<=2.5
Cisco SF250-50P Firmware
Cisco SF250X-24 Firmware<=2.5
Cisco SF250X-24 Firmware
Cisco SF250X-24P Firmware<=2.5
Cisco SF250X-24P Firmware
Cisco SF250X-48 Firmware<=2.5
Cisco SF250X-48 Firmware
Cisco SF250 Series<=2.5
Cisco SF250X-48P Firmware
Cisco SF350-08 Firmware<=2.5
Cisco SF350-08 Firmware
Cisco SF350-24 Firmware<=2.5
Cisco SF350-24 Firmware
Cisco SF350-24MP Firmware<=2.5
Cisco SF350-24MP Firmware
Cisco SF350-24P Firmware<=2.5
Cisco SF350-24P Firmware
Cisco SF350-48 Firmware<=2.5
Cisco SF350-48 Firmware
Cisco SF350-8MP Firmware<=2.5
Cisco SF350-8MP Firmware
Cisco SF350-48P Firmware<=2.5
Cisco SF350-48P Firmware
Cisco SF352-08P Firmware<=2.5
Cisco SF352-08P
Cisco SF352-08P<=2.5
Cisco SF352-08MP Firmware
Cisco SF352-08P Firmware<=2.5
Cisco SF352-08P Firmware
Cisco SF350-8PD Firmware<=2.5
Cisco SF350-8PD Firmware
Cisco SF350-10<=2.5
Cisco SF350-10P Firmware
Cisco SG350-10MP Firmware<=2.5
Cisco SF350-10MP Firmware
Cisco SF350-10P Firmware<=2.5
Cisco SF350-10
Cisco SF350-10SFP Firmware<=2.5
Cisco SF350-10
Cisco SF350-20 Firmware<=2.5
Cisco SF350-20 Firmware
Cisco SF350-28P Firmware<=2.5
Cisco SF350-28SFP
Cisco SF350-28MP Firmware<=2.5
Cisco SF350-28MP Firmware
Cisco SF350-28P Firmware<=2.5
Cisco SF350-28P Firmware
Cisco SF350-28SFP<=2.5
Cisco SF350-28 SFP Firmware
Cisco SF350-52 Firmware<=2.5
Cisco SG350-52
Cisco SF350-52MP Firmware<=2.5
Cisco SF350-52MP
Cisco SF350-52P Firmware<=2.5
Cisco SF350-52P Firmware
Cisco SF355-10P<=2.5
Cisco SG355-10P
Cisco SG350X-8PMD Firmware<=2.5
Cisco SG350X-8PMD Firmware
Cisco SG350X-12PMV Firmware<=2.5
Cisco SG350X-12PMV Firmware
Cisco SG350X-24P Firmware<=2.5
Cisco SG350X-24 Firmware
Cisco SG350X-24 Firmware<=2.5
Cisco SG350X-24 Firmware
Cisco SG350X-24MP<=2.5
Cisco SG350X-24MP Firmware
Cisco SG350X-24 Firmware<=2.5
Cisco SG350X-24PD Firmware
Cisco SG350X-24 Firmware<=2.5
Cisco SG350X-24PV Firmware
Cisco SG350X-48 Firmware<=2.5
Cisco SG350X-48 Firmware
Cisco SG350X-48P Firmware<=2.5
Cisco SG350X-48P Firmware
Cisco SG350X-48MP<=2.5
Cisco SG350X-48MP Firmware
Cisco SG350X-48PV<=2.5
Cisco SG350X-48PV
Cisco SG350XG-2F10<=2.5
Cisco SG350XG-2F10 Firmware
Cisco SG350XG-24F Firmware<=2.5
Cisco SG350XG-24F Firmware
Cisco SG350XG-24F Firmware<=2.5
Cisco SG350XG-24F Firmware
Cisco SG350XG-48T Firmware<=2.5
Cisco SG350XG-48T Firmware
Cisco SX350X Firmware<=2.5
Cisco SX350X-08 Firmware
Cisco SX350X-12<=2.5
Cisco SX350X-12 Firmware
Cisco SX350X-24 Firmware<=2.5
Cisco SX350X-24 Firmware
Cisco SX350X-24 Firmware<=2.5
Cisco SX350X-24 Firmware
Cisco SX350X-52<=2.5
Cisco SX350X-52 Firmware
Cisco SF550X-24P<=2.5
Cisco SF550X-24 Firmware
Cisco SF550X-24P<=2.5
Cisco SF550X-24P Firmware
Cisco SF550X-24MP Firmware<=2.5
Cisco SF550X-24MP Firmware
Cisco SF550X-48<=2.5
Cisco SF550X-48 Firmware
Cisco SF550X-48P Firmware<=2.5
Cisco SG550X-48P
Cisco SG550X-48MP Firmware<=2.5
Cisco SF550X-48MP Firmware
Cisco SG550X-24P Firmware<=2.5
Cisco SG550X-24 Firmware
Cisco SG550X-24P Firmware<=2.5
Cisco SG550X-24P Firmware
Cisco SG550X-24MP Firmware<=2.5
Cisco SG550X-24MP Firmware
Cisco SG550X-24MPP Firmware<=2.5
Cisco SG550X-24MPP Firmware
Cisco SG550X-48MP Firmware<=2.5
Cisco SG550X-48 Firmware
Cisco SG550X-48P Firmware<=2.5
Cisco SG550X-48P Firmware
Cisco SG550X-48MP Firmware<=2.5
Cisco SG550X-48MP Firmware
Cisco SG500XG-8F8T Firmware<=2.5
Cisco SG550XG-8F8T firmware
Cisco SG550XG-24F Firmware<=2.5
Cisco SG550XG-24F Firmware
Cisco SG550XG-24T<=2.5
Cisco SG550XG-24T
Cisco SG550XG-48T Firmware<=2.5
Cisco SG550XG-48T Firmware
Cisco SX550X-12F Firmware<=2.5
Cisco SX550X-12F Firmware
Cisco SX550X Firmware<=2.5
Cisco SX550X-16FT Firmware
Cisco SX550X Firmware<=2.5
Cisco SX550X-24FT Firmware
Cisco SX550X Firmware<=2.5
Cisco SX550X-24F Firmware
Cisco SX550X Firmware<=2.5
Cisco SX550X-24F Firmware
Cisco SX550X-52<=2.5
Cisco SX550X-52
Cisco CBS250-8T-D Firmware<=3.1
Cisco CBS250-8T-D Firmware
Cisco CBS250-8PP-D<=3.1
Cisco CBS250 Series Switches
Cisco Business 250-8T-E-2G Firmware<=3.1
Cisco CBS250-8T-E-2G Firmware
Cisco CBS250-8PP-E-2G<=3.1
Cisco CBS250-8PP-E-2G Firmware
Cisco CBS250-8PP-E-2G Firmware<=3.1
Cisco CBS250-8P-E-2G
Cisco CBS250-8FP-E-2G Firmware<=3.1
Cisco cbs250-8fp-e-2g firmware
Cisco Business 250-16T-2G Firmware<=3.1
Cisco CBS250-16T-2G Firmware
Cisco CBS250-16P-2G Firmware<=3.1
Cisco CBS250-16P-2G Firmware
Cisco CBS250-24T-4G Firmware<=3.1
Cisco CBS250-24T-4G Firmware
Cisco CBS250-24PP-4G Firmware<=3.1
Cisco CBS250-24PP-4G Firmware
Cisco CBS250-24P-4G Firmware<=3.1
Cisco CBS250-24P-4G Firmware
Cisco CBS250-24FP-4G Firmware<=3.1
Cisco CBS250-24FP-4G Firmware
Cisco CBS250-48T-4G<=3.1
Cisco CBS250-48T-4G Firmware
Cisco CBS250-48P-4G<=3.1
Cisco CBS250-48PP-4G
Cisco CBS250-48P-4G<=3.1
Cisco CBS250-48P-4G Firmware
Cisco CBS250-24T-4X Firmware<=3.1
Cisco CBS250-24T-4X Firmware
Cisco CBS250-24P-4X<=3.1
Cisco CBS250-24P-4X Firmware
Cisco CBS250-24FP-4X<=3.1
Cisco CBS250-24FP-4X Firmware
Cisco CBS250-48T-4X Firmware<=3.1
Cisco CBS250-48T-4X Firmware
Cisco CBS250-48P-4X<=3.1
Cisco CBS250-48P-4X Firmware
Cisco CBS350-8T-E-2G<=3.1
Cisco CBS350-8T-E-2G Firmware
Cisco CBS350-8P-2G<=3.1
Cisco CBS350-8P-2G Firmware
Cisco CBS350-8P-E-2G Firmware<=3.1
Cisco CBS350-8P-E-2G firmware
Cisco CBS350-8P-E-2G Firmware<=3.1
Cisco CBS350-8FP-2G Firmware
Cisco CBS350-8FP-E-2G<=3.1
Cisco Business 350-8FP-E-2G
Cisco CBS350-8S-E-2G<=3.1
Cisco CBS350-8S-E-2G Firmware
Cisco CBS350-16T-2G<=3.1
Cisco CBS350-16T-2G Firmware
Cisco CBS350-16T-E-2G<=3.1
Cisco CBS350-16T-E-2G
Cisco CBS350-16P-2G<=3.1
Cisco CBS350-16P-2G
Cisco CBS350-16P-E-2G Firmware<=3.1
Cisco CBS350-16P-E-2G Firmware
Cisco CBS350-16FP-2G<=3.1
Cisco CBS350-16FP-2G Firmware
Cisco CBS350-24T-4G Firmware<=3.1
Cisco CBS350-24T-4G Firmware
Cisco CBS350-24P-4G Firmware<=3.1
Cisco CBS350-24P-4G Firmware
Cisco CBS350-24FP-4G<=3.1
Cisco CBS350-24FP-4G Firmware
Cisco CBS350-24S-4G<=3.1
Cisco CBS350-24S-4G Firmware
Cisco CBS350-48T-4G Firmware<=3.1
Cisco CBS350-48T-4G
Cisco CBS350-48P-4G<=3.1
Cisco CBS350-48P-4G Firmware
Cisco CBS350-48FP-4G<=3.1
Cisco CBS350-48FP-4G Firmware
Cisco CBS350-24T-4X<=3.1
Cisco CBS350-24T-4X Firmware
Cisco CBS350-24P-4X Firmware<=3.1
Cisco CBS350-24P-4X Firmware
Cisco CBS350-24FP-4X<=3.1
Cisco CBS350-24FP-4X Firmware
Cisco CBS350-48T-4X Firmware<=3.1
Cisco CBS350-48T-4X Firmware
Cisco CBS350-48P-4X Firmware<=3.1
Cisco CBS350-48FP-4X
Cisco CBS350-48FP-4X<=3.1
Cisco CBS350-48FP-4X
Cisco CBS350-8MG-2X Firmware<=3.1
Cisco CBS350-8MG-2X Firmware
Cisco CBS350-8MP-2X<=3.1
Cisco CBS350-8MP-2X Firmware
Cisco CBS350-24MGPA-4X Firmware<=3.1
Cisco CBS350-24MG-4X
Cisco CBS350-12NP-4X<=3.1
Cisco CBS350-12NP-4X Firmware
Cisco CBS350-24NGP-4X Firmware<=3.1
Cisco CBS350-24NGP-4X Firmware
Cisco CBS350-48NGP-4X Firmware<=3.1
Cisco CBS350-48NGP-4X Firmware
Cisco CBS350-8XT Firmware<=3.1
Cisco CBS350-8XT Firmware
Cisco CBS350-12XS<=3.1
Cisco CBS350
Cisco CBS350-12XT<=3.1
Cisco CBS350-12XT Firmware
Cisco CBS350-16XTS Firmware<=3.1
Cisco CBS350-16XT
Cisco CBS350-24XS Firmware<=3.1
Cisco CBS350-24XS
Cisco CBS350-24XT Firmware<=3.1
Cisco CBS350-24XT Firmware
Cisco CBS350-24XT<=3.1
Cisco CBS350-24XT
Cisco CBS350-48XT-4X Firmware<=3.1
Cisco CBS350-48XT-4X Firmware
Cisco 250/350/350X/550X/ESW2 Series Switches Firmware<=2.5
Cisco Business 350 Series
Cisco ESW2-350G-52DC<=2.5
Cisco ESW2-350G-52DC Firmware
Cisco 250/350/350X/550X/ESW2 Series Switches Firmware<=2.5
Cisco ESW2-550X-48 Firmware
Cisco 250/350/350X/550X/ESW2 Series Switches Firmware<=2.5
Cisco ESW2-550X-48DC Firmware
Cisco SF200-24 Firmware
Cisco SF200-24P
Cisco SF200-24P Firmware
Cisco SF200-24P Firmware
Cisco SF200-24FP Firmware
Cisco SF200-24FP Firmware
Cisco SF200-48 Firmware
Cisco SF200-48 Firmware
Cisco SF200-48P Firmware
Cisco SF200-48P Firmware
Cisco SG200-08
Cisco SG200-08 Firmware
Cisco SG200-08P Firmware
Cisco SG200-08P Firmware
Cisco SG200-10FP Firmware
Cisco SG200-10FP Firmware
Cisco SG200-18 Firmware
Cisco SG200-18 Firmware
Cisco SG200-26P Firmware
Cisco SG200-26P Firmware
Cisco SG200-26 Firmware
Cisco SG200-26P Firmware
Cisco SG200-26FP Firmware
Cisco SG200-26FP Firmware
Cisco SG200-50P Firmware
Cisco SG200-50FP
Cisco SG200-50P Firmware
Cisco SG200-50P Firmware
Cisco SG200-50 Firmware
Cisco SG200-50 Firmware
Cisco SF300-08 Firmware=1.4.11.02
Cisco SF300-08 Firmware
Cisco SF302-08 Firmware=1.4.11.02
Cisco SF302-08 Firmware
Cisco SF302-08P=1.4.11.02
Cisco SF302-08
Cisco SF302-08=1.4.11.02
Cisco SF302-08
Cisco SF302-08=1.4.11.02
Cisco SF302-08
Cisco SF302-08=1.4.11.02
Cisco SF302-08
Cisco SF300-24P Firmware=1.4.11.02
Cisco SF300-24 Firmware
Cisco SF300-24P=1.4.11.02
Cisco SF300-24 Firmware
Cisco SF300-24P=1.4.11.02
Cisco SF300-24PP Firmware
Cisco SF300-24MP Firmware=1.4.11.02
Cisco SF300-24MP Firmware
Cisco SF300-48P Firmware=1.4.11.02
Cisco SF300-48P
Cisco SF300-48P Firmware=1.4.11.02
Cisco SF300-48P Firmware
Cisco SF300-48PP Firmware=1.4.11.02
Cisco SF300-48PP Firmware
Cisco SG300 Series Firmware=1.4.11.02
Cisco SG300-10 Firmware
Cisco SG300 Series Firmware=1.4.11.02
Cisco SG300-10SFP Firmware
Cisco SG300-10P Firmware=1.4.11.02
Cisco SG300-10P Firmware
Cisco SG300-10PP=1.4.11.02
Cisco SG300-10 Firmware
Cisco SG300-10MP Firmware=1.4.11.02
Cisco SG300-10MP Firmware
Cisco SG300-10MPP Firmware=1.4.11.02
Cisco SG300-10MPP Firmware
Cisco SG300 Series Firmware=1.4.11.02
Cisco SG300-20 Firmware
Cisco SG300-28P=1.4.11.02
Cisco SG300-28 Firmware
Cisco SG300-28P Firmware=1.4.11.02
Cisco SG300-28P
Cisco SG300-28PP Firmware=1.4.11.02
Cisco SG300-28PP Firmware
Cisco SG300-28MP=1.4.11.02
Cisco SG300-28MP
Cisco SG300 Series Firmware=1.4.11.02
Cisco SG300-52P
Cisco SG300-52P Firmware=1.4.11.02
Cisco SG300-52P Firmware
Cisco SG300-52MP Firmware=1.4.11.02
Cisco SG300-52MP Firmware
Cisco SG300 Series Firmware=1.4.11.02
Cisco SG300-28SFP Firmware
Cisco SF500-24>=2.5.5.0<2.5.8.12
Cisco SF500-24MP
Cisco SF500-24P>=2.5.5.0<2.5.8.12
Cisco SF500-24P Firmware
Cisco 500 Series Switch Firmware>=2.5.5.0<2.5.8.12
Cisco SF500-24MP Firmware
Cisco SF500-48P Firmware>=2.5.5.0<2.5.8.12
Cisco SF500-48 Firmware
Cisco 500 Series Switch Firmware>=2.5.5.0<2.5.8.12
Cisco SF500-48 Firmware
Cisco 500 Series Switch Firmware>=2.5.5.0<2.5.8.12
Cisco SF500-48MP Firmware
Cisco SG500-28>=2.5.5.0<2.5.8.12
Cisco SG500-28PP Firmware
Cisco SG500-28P>=2.5.5.0<2.5.8.12
Cisco SG500-28P
Cisco SG500-28PP Firmware>=2.5.5.0<2.5.8.12
Cisco SG500-28MPP Firmware
Cisco SG500-52P>=2.5.5.0<2.5.8.12
Cisco SG500-52 Firmware
Cisco SG500-52P>=2.5.5.0<2.5.8.12
Cisco SG500-52P
Cisco SG500-52MP>=2.5.5.0<2.5.8.12
Cisco SG500-52
Cisco SG500X-24>=2.5.5.0<2.5.8.12
Cisco SG500X-24P
Cisco SG500X-24P>=2.5.5.0<2.5.8.12
Cisco SG500X-24P
Cisco SG500X-24MPP>=2.5.5.0<2.5.8.12
Cisco SG500X-24MPP Firmware
Cisco SG500X-48>=2.5.5.0<2.5.8.12
Cisco SG500X-48MP Firmware
Cisco SG500X-48P>=2.5.5.0<2.5.8.12
Cisco SG500X-48P
Cisco SG500X-48MP Firmware>=2.5.5.0<2.5.8.12
Cisco SG500X-48
Cisco SG500XG-8F8T>=2.5.5.0<2.5.8.12
Cisco SG500XG-8F8T Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-34739?

    The severity of CVE-2021-34739 is rated as high due to its potential for unauthorized access to network devices.

  • How do I fix CVE-2021-34739?

    To fix CVE-2021-34739, upgrade the affected Cisco Small Business Switches to the latest firmware that addresses the vulnerability.

  • Which devices are affected by CVE-2021-34739?

    CVE-2021-34739 affects multiple Cisco Small Business Series Switches, including SF250, SF350, and others with firmware versions up to 2.5.

  • Is there a workaround for CVE-2021-34739?

    There are no specific workarounds for CVE-2021-34739; however, disabling remote management access can help mitigate the risk.

  • When was CVE-2021-34739 disclosed?

    CVE-2021-34739 was disclosed in July 2021 as part of Cisco's security advisories.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203