CVE-2024-20459

CWE-78OS Command InjectionCWE-250CWE-257CWE-305CWE-352Cross-Site Request Forgery (CSRF)CWE-804 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 53.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ATA 191 FirmwareCisco ATA 192 FirmwareCisco Cisco Analog Telephone Adaptor (ata) Software
Timeline
PublishedOct 16

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successfu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages3 packages

NVDcisco/ata_191_firmware< 12.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-vg6p-xhm4-6r5f: A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authentic2024-10-16
CVEList
Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Command Injection Vulnerability2024-10-16

📋Vendor Advisories

1
Cisco
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities2024-10-16
CVE-2024-20459 (HIGH CVSS 7.2) | A vulnerability in the web-based ma | cvebase.io