CVE-2024-20420

CWE-250CWE-863Incorrect AuthorizationCWE-257CWE-305CWE-352Cross-Site Request Forgery (CSRF)CWE-78OS Command InjectionCWE-804 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 43.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ATA 191 FirmwareCisco ATA 192 FirmwareCisco Cisco Analog Telephone Adaptor (ata) Software
Timeline
PublishedOct 16

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

NVDcisco/ata_191_firmware< 12.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-w5cm-m7c3-4jj4: A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote a2024-10-16
CVEList
Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability2024-10-16

📋Vendor Advisories

1
Cisco
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities2024-10-16
CVE-2024-20420 (HIGH CVSS 8.8) | A vulnerability in the web-based ma | cvebase.io