CVE-2020-3121 (GCVE-0-2020-3121)
Vulnerability from cvelistv5
Published
2020-01-26 04:31
Modified
2024-11-15 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco 550X Series Stackable Managed Switches |
Version: unspecified < n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:29:56.727357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:45:38.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco 550X Series Stackable Managed Switches",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T04:31:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
}
],
"source": {
"advisory": "cisco-sa-20200122-sbsms-xss",
"defect": [
[
"CSCvs09313"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00-0800",
"ID": "CVE-2020-3121",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco 550X Series Stackable Managed Switches",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-sbsms-xss",
"defect": [
[
"CSCvs09313"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3121",
"datePublished": "2020-01-26T04:31:22.955259Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:45:38.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-3121\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2020-01-26T05:15:17.397\",\"lastModified\":\"2024-11-21T05:30:22.217\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Small Business Smart and Managed Switches, podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por parte del usuario mediante la interfaz de administraci\u00f3n basada en web del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic en un enlace malicioso y acceda a una p\u00e1gina espec\u00edfica. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV30\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250x-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"D5D95896-7055-4A21-96E5-14443BF1EF2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250x-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDF0F571-4139-411C-9E9F-4974AB9ED29E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250x-24p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"F5AC305C-9F13-4EC0-BA44-F0CF0262BD78\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250x-24p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"850829DF-9613-4E1A-9D9A-A74D3AD8BA14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250x-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"C245C733-9B09-44C1-93B1-5DE1FF3AE2C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250x-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C050FFC6-FB6E-4AEC-830A-856B9E728D0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250x-48p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"86AA3E57-DEEE-4491-9B66-37F08FE70AD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250x-48p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD1B2A7-B9CD-439B-B55E-D5AF769228FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-08_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"14D901C7-5727-49D2-9D09-6DFDF1CA974B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-08:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6A7F2D0-9E2B-4162-8F31-BE44BCD3BDCB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-08hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"7A8EAC5E-2A95-47C2-B68B-16BA15558D7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-08hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C733117C-BFAE-459D-A9E2-5082C77A4D22\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-10p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"62E86462-EBEC-48CF-8B73-A3856B5A4412\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-10p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AEADBBF-9E5B-435E-BF81-3D2DBF369D33\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-18_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"90023A73-5FDD-4A1D-85A9-4663CE0A611D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-18:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72500D80-4EC8-4B49-8C22-FA19E03491DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-26_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"997FF987-64C6-46E3-8260-8E1C20E74FAF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-26:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CDA0852-1A08-4327-ABEE-9A1059DFE9BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-26hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"C87DDDED-8276-484F-ADCC-3CC73C2A5E89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-26hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9610ED5C-26BE-45A6-B6DD-00DA6AB0F57D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-26p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"E18B4EE6-F495-4AF0-831B-237135961156\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-26p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B19804D-C92A-4758-A2CF-E3D4D6ED65FF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-50_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"17B8C32E-1ED4-46A0-B7C9-25131173DA87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF27F695-F2EA-43C9-B283-E7EEA70CB0F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-50hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"AF4B2460-C9DA-43D9-BA93-8F3D382D86AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-50hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7885727C-5100-49A7-909F-D4DF545BF65D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-50p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"33D31E90-CEC3-4B9E-AFDE-2D4968B18FA2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-50p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DB6FE78-C783-4A7E-90B0-ABCDA72E2D8C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"A450299D-B719-4648-B6A3-DDD885888A4F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFBEB8EA-2E71-4F63-AAE3-07322722FD76\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-24p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"5FD3DF16-087B-4987-AEB7-0408D5B4D8B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-24p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32C81B6-F732-4E9B-A181-C87FC90F1150\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"FB155F3F-7EEA-4D11-97BE-0637FFC6F9DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"145D2E2E-7B91-4A02-A7B1-78EC9D49E719\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg250-48hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"72485824-B5EE-4608-8BE2-C90ECDCCDEEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg250-48hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66FE4C7D-BBF7-4CC7-A6A3-C0D6713C4FFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf350-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"6B5E6167-62E9-44E4-93BD-0884B3B90777\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf350-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EF58ED1-AECE-435C-8F8F-6053C44E01C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf350-48p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"60C2982C-183F-41B1-9AA3-D5707F795E6B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf350-48p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2BE66F3-51C8-42D8-927A-5BA0B9B072EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf350-48mp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"80CED547-483B-4889-8079-77861D0590CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf350-48mp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2DE3B15-DD70-445E-936C-0C9D5C3F1450\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg350-10_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"CB64405B-E5CD-4E77-84A1-A6C65F41B167\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg350-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79843C24-2CE8-4040-9C04-79902D8F741D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg350-10p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"26A3CD31-4E1D-4047-8058-E8019F3A4546\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg350-10p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD650E51-E248-4CFD-8163-72717B66D675\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg350-10mp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"45DF22E1-24CE-4AA8-9B76-90A08E1D3FB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg350-10mp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B36A173-5C14-4B38-B3DD-CD83B19AF94B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg355-10mp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"5A0F2ED4-EA54-41E8-8A14-F0CB8C1776D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg355-10mp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C07B10FC-9C39-482A-9807-16D49FDAD979\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg350-28_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"928A3EAF-E40F-4D7C-9925-A6145A32E2B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg350-28:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"500F9351-FA0C-4648-A2A6-ACFF6C8FD157\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg350-28p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"4A316620-A0B1-45FA-A2D3-9C7197AAB4FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg350-28p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8122322F-6104-4978-9E00-40437365FF67\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg350-28mp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"79CA829F-E578-426D-8E3D-797449D3CACB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg350-28mp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11548FB9-ADB1-4281-B89B-6D61836072DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sx550x-16ft_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"4B4E22B8-46CA-4539-8608-90A1B7C68B6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sx550x-16ft:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02D9BEB5-78FE-49EB-92BE-6597E7608E71\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sx550x-24ft_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"5493DB18-7F2C-4A9E-971A-491824E5BF7D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sx550x-24ft:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFEDE246-7DF9-486D-A5B9-5596FE0AC582\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sx550x-12ft_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"67DF2CB4-7DFE-4B13-A9B4-7FCEEC2FD6EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sx550x-12ft:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7238B1-AF9E-450A-9A11-4B6CDC527CA6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sx550x-24ft_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"5493DB18-7F2C-4A9E-971A-491824E5BF7D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sx550x-24ft:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFEDE246-7DF9-486D-A5B9-5596FE0AC582\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sx550x-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"0D2F65F5-FC79-49AF-8122-5FF46D28EE0D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sx550x-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39E214D-A4B7-460C-9402-8F94336B30A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sx550x-52_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"AD599A09-5793-4A5E-8D9C-8A0936322143\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sx550x-52:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"297A662D-BD11-4021-8F19-946CA4BCF8D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg550x-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"308E4391-7962-4F27-ADFC-B8BBF04D9089\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg550x-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ADB1D69-CBDC-4045-A806-087878560EF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg550x-24p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"314F2981-1A9C-4156-98CC-62C6A71AA053\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg550x-24p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B88075-F579-492C-B87C-5E4291D269B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg550x-24mp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"912253A6-3180-43BB-9D56-0DB7DB42065D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg550x-24mp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"605B8DE5-56EB-4FFF-BC04-1B3A38762727\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg550x-24mpp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"72B077BF-70D4-427A-A4D9-18D0D755480E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg550x-24mpp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C940275E-41A8-470D-AD97-AB6EC5A75CEF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg550x-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"2B33A623-1F6C-4BC6-9E09-6590F45CEA5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg550x-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"235AAB5A-9D0A-4864-89E2-D69D1D8A79D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg550x-48p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"628B557D-2FE9-49E7-A47F-1EE150DEE74A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg550x-48p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"967DCE55-B7D5-4D63-9693-B42FAA9243B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sg550x-48mp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"51E59E26-20EA-409B-99BE-0437425BA179\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sg550x-48mp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AA6BED3-2564-4A7C-91DC-F843E301A35E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf550x-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"80C6A8B5-E26B-43AD-A32C-3A7E2BA0F4CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf550x-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F53C2EAA-CD47-4D76-BBC6-C59D531AB1D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf550x-24p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"32AC8E8E-4496-4DEC-94CA-AFFAEE2BC485\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf550x-24p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BDF26D7-B3B5-47CA-94E9-B14BEFE02318\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf550x-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"6D3EF6D3-A329-48AB-A92A-0F5B9C6C6F2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf550x-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C374EB87-A4C6-43FB-B42E-DEA973375EC2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf550x-48p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"38BF0C89-07C4-43CF-85AD-01ECC8FBFE2C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf550x-48p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"903E59DA-DE59-4CD4-BE32-B91DDA1DA07D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:sf550x-48mp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0.90\",\"matchCriteriaId\":\"4A96FF9C-4A6A-45C8-A265-0E34D506EEE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:sf550x-48mp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6AFC45-9ECC-4D4A-80BF-20F49C83A57A\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss\", \"name\": \"20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:24:00.540Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:29:56.727357Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:30:48.221Z\"}}], \"cna\": {\"title\": \"Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability\", \"source\": {\"defect\": [[\"CSCvs09313\"]], \"advisory\": \"cisco-sa-20200122-sbsms-xss\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco 550X Series Stackable Managed Switches\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"n/a\", \"versionType\": \"custom\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2020-01-22T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss\", \"name\": \"20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-01-26T04:31:22\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"6.1\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\"}}, \"source\": {\"defect\": [[\"CSCvs09313\"]], \"advisory\": \"cisco-sa-20200122-sbsms-xss\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"affected\": \"\u003c\", \"version_value\": \"n/a\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Cisco 550X Series Stackable Managed Switches\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss\", \"name\": \"20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-79\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3121\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-01-22T16:00:00-0800\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-3121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T17:45:38.991Z\", \"dateReserved\": \"2019-12-12T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-01-26T04:31:22.955259Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…