A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf250-24p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf250-48 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf250-48hp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf350-48 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf350-48mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf350-48p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf550x-24 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf550x-24mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf550x-24p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf550x-48 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf550x-48mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sf550x-48p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-08 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-08hp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-10p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-18 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-26 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-26hp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-26p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-50 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-50hp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250-50p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250x-24 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250x-24p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250x-48 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg250x-48p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350-10 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350-10mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350-10p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350-28 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350-28mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350-28p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350x-24 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350x-24mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350x-24p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350x-48 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350x-48mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350x-48p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350xg-24f firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350xg-24t firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350xg-2f10 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg350xg-48t firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg355-10p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg550x-24 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg550x-24mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg550x-24mpp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg550x-24p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg550x-48 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg550x-48mp firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sg550x-48p firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sx550x-12f firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sx550x-16ft firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sx550x-24 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sx550x-24f firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sx550x-24ft firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
sx550x-52 firmwareNVD
Affected:< 2.5.5.47Fixed in:2.5.5.47CVE-2020-3297derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit Intelligence
3.04%probability of exploitation in 30 days
86thpercentile
Elevated risk: more likely to be exploited than 86% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.