CVE-2021-34778 (CNNVD-202110-301)
中文标题:
Cisco Small Business 220 Series Smart Switches缓冲区错误漏洞
英文标题:
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
漏洞描述
中文描述:
Cisco Small Business 220 Series Smart Switches是美国思科(Cisco)公司的一款小型智能交换机设备。 Cisco Small Business 220 Series Smart Switches存在缓冲区错误漏洞,攻击者可利用该漏洞在受影响的设备上执行代码或导致代码意外重新加载在受影响的设备上导致LLDP数据库损坏。注:LLDP是第2层协议。要利用这些漏洞进行攻击,攻击者必须与受影响设备位于同一广播域中(第2层相邻)
英文描述:
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Small Business 200 Series Smart Switches | n/a | - | - |
cpe:2.3:a:cisco:cisco_small_business_200_series_smart_switches:n_a:*:*:*:*:*:*:*
|
| cisco | business_220-8t-e-2g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-8t-e-2g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-8p-e-2g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-8p-e-2g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-8fp-e-2g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-8fp-e-2g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-16t-2g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-16t-2g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-16p-2g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-16p-2g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-24t-4g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-24t-4g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-24p-4g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-24p-4g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-24fp-4g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-24fp-4g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-48t-4g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-48t-4g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-48p-4g_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-48p-4g_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-24t-4x_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-24t-4x_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-24p-4x_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-24p-4x_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-24fp-4x_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-24fp-4x_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-48t-4x_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-48t-4x_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-48p-4x_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-48p-4x_firmware:*:*:*:*:*:*:*:*
|
| cisco | business_220-48fp-4x_firmware | * | - | - |
cpe:2.3:o:cisco:business_220-48fp-4x_firmware:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-34778 |
2025-11-11 15:21:00 | 2025-11-11 07:36:55 |
| NVD | nvd_CVE-2021-34778 |
2025-11-11 14:57:43 | 2025-11-11 07:45:13 |
| CNNVD | cnnvd_CNNVD-202110-301 |
2025-11-11 15:10:44 | 2025-11-11 07:56:58 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 缓冲区错误
- cnnvd_id: 未提取 -> CNNVD-202110-301
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 17
- data_sources: ['cve'] -> ['cve', 'nvd']