CVE-2024-20458

CWE-78 — OS Command Injection CWE-250 CWE-257 CWE-305 CWE-352 — Cross-Site Request Forgery (CSRF)CWE-804 documents4 sources

Severity

8.2HIGH

EPSS

0.7%

top 28.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ATA 191 Firmware Cisco ATA 192 Firmware Cisco Cisco Analog Telephone Adaptor (ata) Software

Timeline

PublishedOct 16

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the fir…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages3 packages

▶NVDcisco/ata_191_firmware< 12.0.2+1

▶NVDcisco/ata_192_firmware< 11.2.5

▶CVEListV5cisco/cisco_analog_telephone_adaptor_(ata)_software16 versions+15

🔴Vulnerability Details

GHSA

GHSA-3v49-pp4c-p3j5: A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote↗2024-10-16

▶

CVEList

Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities↗2024-10-16

▶

📋Vendor Advisories

Cisco

Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities↗2024-10-16

▶