At the time of publication, this vulnerability affected Cisco Small Business 220 Series Smart Switches running firmware versions prior to 220.127.116.11 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
Determining Whether the Web Management Interface Is Enabled
To determine whether the web management interface is enabled via either HTTP or HTTPS, administrators can use the show running-config command on the device CLI. If both of the following lines are present in the configuration, the web management interface is disabled and the device is not vulnerable:
no ip http server
no ip http secure server
Any other output indicates that the web management interface is enabled on the device.
In the web management interface, the HTTP Service and HTTPS Service are configured under Security > TCP/UDP Service.
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.