CVE-2021-47894
Denial of Service via Buffer Overflow in Managed Switch Port Mapping Tool
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| northwest_performance_software | managed_switch_port_mapping_tool | 2.85.2 |
| northwest_performance_software | managed_switch_port_mapping_tool | 2.88 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial of service issue in Managed Switch Port Mapping Tool version 2.85.2. It occurs because the application does not properly handle very large input buffers. An attacker can create a 10,000-character long string and paste it into the IP Address and SNMP Community Name fields, which causes the application to crash or become unresponsive due to resource exhaustion. [3, 4]
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service condition where the Managed Switch Port Mapping Tool application crashes or becomes unresponsive. This can disrupt network management activities, potentially causing downtime or delays in identifying and managing network devices. [3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition by inputting an oversized buffer (e.g., a 10,000-character string) into the IP Address and SNMP Community Name fields of the Managed Switch Port Mapping Tool version 2.85.2. A proof-of-concept exploit uses a Python script to generate such a large buffer and then pastes it into these fields, causing the application to crash. There are no specific network commands provided to detect this vulnerability remotely; detection involves testing the application input handling as described. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting or entering excessively large input strings (such as 10,000-character buffers) into the IP Address and SNMP Community Name fields of the Managed Switch Port Mapping Tool version 2.85.2. Additionally, updating the software to a later version where this vulnerability is fixed or applying any available patches is recommended. Since the vulnerability requires user interaction and local access, restricting access to trusted users and environments can also reduce risk. [4]