CVE-2024-20421

CWE-352Cross-Site Request Forgery (CSRF)CWE-250CWE-257CWE-305CWE-78OS Command InjectionCWE-804 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 59.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ATA 191 FirmwareCisco ATA 192 FirmwareCisco Cisco Analog Telephone Adaptor (ata) Software
Timeline
PublishedOct 16

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

NVDcisco/ata_191_firmware< 12.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-q72g-w9rr-ph62: A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote2024-10-16
CVEList
Cisco ATA 190 Series Analog Telephone Adapter Firmware Cross-Site Request Forgery Vulnerability2024-10-16

📋Vendor Advisories

1
Cisco
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities2024-10-16
CVE-2024-20421 (MEDIUM CVSS 6.5) | A vulnerability in the web-based ma | cvebase.io