CVE-2019-12704

Severity
6.5 MEDIUM
EPSS
0.3%
top 49.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 16
Latest update: May 24

Description

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retr

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 3 packages

NVD: cisco/spa112_firmware < 1.4.1+1
NVD: cisco/spa122_firmware < 1.4.1+1
CVEListV5: cisco/cisco_spa112_2-port_phone_adapter unspecified n/a

🔴Vulnerability Details

2
GHSA
GHSA-r26j-gmf9-5mw5: A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote att (2022-05-24)
CVEList
Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability (2019-10-16)

💥Exploits & PoCs

1
Exploit-DB
UliCMS 2020.1 - Persistent Cross-Site Scripting (2020-03-24)

📋Vendor Advisories

1
Cisco
Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability (2019-10-16)