High severity8.8NVD Advisory· Published Sep 2, 2016· Updated May 6, 2026

CVE-2016-1470

Description

Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.

Affected products

Cisco Systems, Inc./Small Business 220 Series Smart Plus Switches3 versions
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.17:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.19:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.synacktiv.com/ressources/advisories_cisco_switch_sg220_csrf.pdfnvdExploitThird Party Advisory
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spsnvdVendor Advisory
www.securityfocus.com/bid/92709nvd
www.securitytracker.com/id/1036722nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000