1. Home
  2. CVE Database
  3. CVE-2021-40113
CRITICAL · 10.0

CVE-2021-40113

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote...

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoCatalyst Pon Switch Cgp-Ont-1P Firmware< 1.1.1.14
CiscoCatalyst Pon Switch Cgp-Ont-1PAll versions
CiscoCatalyst Pon Switch Cgp-Ont-4P Firmware< 1.1.3.17
CiscoCatalyst Pon Switch Cgp-Ont-4PAll versions
CiscoCatalyst Pon Switch Cgp-Ont-4Pvc Firmware< 1.1.3.17
CiscoCatalyst Pon Switch Cgp-Ont-4PvcAll versions
CiscoCatalyst Pon Switch Cgp-Ont-4Tvcw Firmware< 1.1.3.17
CiscoCatalyst Pon Switch Cgp-Ont-4TvcwAll versions
CiscoCatalyst Pon Switch Cgp-Ont-4Pv Firmware< 1.1.3.17
CiscoCatalyst Pon Switch Cgp-Ont-4PvAll versions

Related Weaknesses (CWE)

CWE-78CWE-284

References

FAQ

What is CVE-2021-40113?

CVE-2021-40113 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote...

How severe is CVE-2021-40113?

CVE-2021-40113 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-40113?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Catalyst Pon Switch Cgp-Ont-1P Firmware, Cisco Catalyst Pon Switch Cgp-Ont-1P, Cisco Catalyst Pon Switch Cgp-Ont-4P Firmware, Cisco Catalyst Pon Switch Cgp-Ont-4P, Cisco Catalyst Pon Switch Cgp-Ont-4Pvc Firmware.