CVE-2019-15241

CWE-119Buffer OverflowCWE-601Open RedirectCWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
8.0HIGH
EPSS
0.3%
top 51.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Cisco Spa112 2-port Phone AdapterCisco Spa112 FirmwareCisco Spa122 Firmware
Timeline
PublishedOct 16
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to e

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

NVDcisco/spa112_firmware< 1.4.1+1
NVDcisco/spa122_firmware< 1.4.1+1
CVEListV5cisco/cisco_spa112_2-port_phone_adapterunspecifiedn/a

🔴Vulnerability Details

3
GHSA
GHSA-c33m-wrfp-ff3c: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary2022-05-24
GHSA
Cross-Site Scripting in ternary conditional operator2020-10-08
CVEList
Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities2019-10-16

📋Vendor Advisories

1
Cisco
Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities2019-10-16