CVE-2019-15252Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Spa112 2-port Phone Adapter

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
8.0HIGHNVD
EPSS
0.3%
top 51.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Spa112 2-port Phone AdapterCisco Spa112 FirmwareCisco Spa122 Firmware
Timeline
PublishedOct 16
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to e

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

NVDcisco/spa112_firmware< 1.4.1+1
NVDcisco/spa122_firmware< 1.4.1+1
CVEListV5cisco/cisco_spa112_2-port_phone_adapterunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-7rpg-c9vv-8577: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary2022-05-24
CVEList
Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities2019-10-16

📋Vendor Advisories

1
Cisco
Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities2019-10-16
CVE-2019-15252 — Cisco vulnerability | cvebase