CVE-2024-20460

CWE-80CWE-79Cross-site Scripting (XSS)CWE-250CWE-257CWE-305CWE-352Cross-Site Request Forgery (CSRF)CWE-78OS Command Injection4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 58.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ATA 191 FirmwareCisco ATA 192 FirmwareCisco Cisco Analog Telephone Adaptor (ata) Software
Timeline
PublishedOct 16

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affect

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDcisco/ata_191_firmware< 12.0.2+1

🔴Vulnerability Details

2
CVEList
Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability2024-10-16
GHSA
GHSA-p7rx-j8x8-2j2p: A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote2024-10-16

📋Vendor Advisories

1
Cisco
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities2024-10-16
CVE-2024-20460 (MEDIUM CVSS 6.1) | A vulnerability in the web-based ma | cvebase.io