CVE-2024-20462

CWE-257CWE-522Insufficiently Protected CredentialsCWE-922CWE-250CWE-305CWE-352Cross-Site Request Forgery (CSRF)CWE-78OS Command InjectionCWE-804 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 68.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ATA 191 FirmwareCisco ATA 192 FirmwareCisco Cisco Analog Telephone Adaptor (ata) Software
Timeline
PublishedOct 16

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/ata_191_firmware< 12.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-j4rf-24v6-vq7x: A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authentic2024-10-16
CVEList
Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability2024-10-16

📋Vendor Advisories

1
Cisco
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities2024-10-16
CVE-2024-20462 (MEDIUM CVSS 5.5) | A vulnerability in the web-based ma | cvebase.io