What is CVE-2021-34744?

CVE-2021-34744 is a vulnerability in the Cisco Business 220 Series Smart Switches firmware that could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure user account passwords.

What is the severity of CVE-2021-34744?

The severity of CVE-2021-34744 is medium, with a severity value of 4.9.

How can an attacker exploit CVE-2021-34744?

An attacker with Administrator privileges can exploit CVE-2021-34744 to gain access to sensitive login credentials or modify user account passwords.

Which Cisco Business 220 Series Smart Switches firmware versions are affected by CVE-2021-34744?

The Cisco Business 220 Series Smart Switches firmware versions up to and including 1.2.0.6 are affected by CVE-2021-34744.

Where can I find more information about CVE-2021-34744?

You can find more information about CVE-2021-34744 at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX)

Vulnerability/
CVE-2021-34744

medium

4.9

CWE

798 540

6/10/2021

7/11/2024

CVE-2021-34744: Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities

First published: Wed Oct 06 2021(Updated: )

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Business 220-8t-e-2g	<=1.2.0.6
Cisco Business 220-8t-e-2g Firmware
Cisco Business 220-8p-e-2g	<=1.2.0.6
Cisco Business 220-8p-e-2g Firmware
Cisco Business 220-8fp-e-2g Firmware	<=1.2.0.6
Cisco Business 220-8fp-e-2g Firmware
Cisco Business 220-16T-2G Firmware	<=1.2.0.6
Cisco Business 220-16t-2g Firmware
Cisco Business 220-16p-2g Firmware	<=1.2.0.6
Cisco Business 220-16p-2g Firmware
Cisco Business 220-24t-4g Firmware	<=1.2.0.6
Cisco Business 220-24t-4g Firmware
Cisco Business 220-24p-4g Firmware	<=1.2.0.6
Cisco Business 220-24p-4g Firmware
Cisco Business 220-24fp-4g Firmware	<=1.2.0.6
Cisco Business 220-24t-4g Firmware
Cisco Business 220-48T-4G Firmware	<=1.2.0.6
Cisco Business 220-48t-4g Firmware
Cisco Business 220 Series Firmware	<=1.2.0.6
Cisco Business 220-48p-4g
Cisco Business 220-24t-4x	<=1.2.0.6
Cisco Business 220-24t-4x Firmware
Cisco Business 220-24p-4x	<=1.2.0.6
Cisco Business 220-24p-4x Firmware
Cisco Business 220-24fp-4x Firmware	<=1.2.0.6
Cisco Business 220-24fp-4x Firmware
Cisco Business 220 Series Firmware	<=1.2.0.6
Cisco Business 220-48t-4x Firmware
Cisco Business 220-48p-4x Firmware	<=1.2.0.6
Cisco Business 220-48p-4x Firmware
Cisco Business 220-48fp-4x Firmware	<=1.2.0.6
Cisco Business 220-48fp-4x Firmware

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX

Frequently Asked Questions

What is CVE-2021-34744?
CVE-2021-34744 is a vulnerability in the Cisco Business 220 Series Smart Switches firmware that could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure user account passwords.
What is the severity of CVE-2021-34744?
The severity of CVE-2021-34744 is medium, with a severity value of 4.9.
How can an attacker exploit CVE-2021-34744?
An attacker with Administrator privileges can exploit CVE-2021-34744 to gain access to sensitive login credentials or modify user account passwords.
Which Cisco Business 220 Series Smart Switches firmware versions are affected by CVE-2021-34744?
The Cisco Business 220 Series Smart Switches firmware versions up to and including 1.2.0.6 are affected by CVE-2021-34744.
Where can I find more information about CVE-2021-34744?
You can find more information about CVE-2021-34744 at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX)

agent/weakness
agent/type
agent/author
agent/severity
agent/title
agent/references
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco business 220-8t-e-2g
version/cisco business 220-8t-e-2g/1.2.0.6
canonical/cisco business 220-8t-e-2g firmware
canonical/cisco business 220-8p-e-2g
version/cisco business 220-8p-e-2g/1.2.0.6
canonical/cisco business 220-8p-e-2g firmware
canonical/cisco business 220-8fp-e-2g firmware
version/cisco business 220-8fp-e-2g firmware/1.2.0.6
canonical/cisco business 220-16t-2g firmware
version/cisco business 220-16t-2g firmware/1.2.0.6
canonical/cisco business 220-16p-2g firmware
version/cisco business 220-16p-2g firmware/1.2.0.6
canonical/cisco business 220-24t-4g firmware
version/cisco business 220-24t-4g firmware/1.2.0.6
canonical/cisco business 220-24p-4g firmware
version/cisco business 220-24p-4g firmware/1.2.0.6
canonical/cisco business 220-24fp-4g firmware
version/cisco business 220-24fp-4g firmware/1.2.0.6
canonical/cisco business 220-48t-4g firmware
version/cisco business 220-48t-4g firmware/1.2.0.6
canonical/cisco business 220 series firmware
version/cisco business 220 series firmware/1.2.0.6
canonical/cisco business 220-48p-4g
canonical/cisco business 220-24t-4x
version/cisco business 220-24t-4x/1.2.0.6
canonical/cisco business 220-24t-4x firmware
canonical/cisco business 220-24p-4x
version/cisco business 220-24p-4x/1.2.0.6
canonical/cisco business 220-24p-4x firmware
canonical/cisco business 220-24fp-4x firmware
version/cisco business 220-24fp-4x firmware/1.2.0.6
canonical/cisco business 220-48t-4x firmware
canonical/cisco business 220-48p-4x firmware
version/cisco business 220-48p-4x firmware/1.2.0.6
canonical/cisco business 220-48fp-4x firmware
version/cisco business 220-48fp-4x firmware/1.2.0.6