CVE-2024-20463

CWE-305CWE-862Missing AuthorizationCWE-250CWE-257CWE-352Cross-Site Request Forgery (CSRF)CWE-78OS Command InjectionCWE-804 documents4 sources
Severity
7.1HIGH
EPSS
0.7%
top 27.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ATA 191 FirmwareCisco ATA 192 FirmwareCisco Cisco Analog Telephone Adaptor (ata) Software
Timeline
PublishedOct 16

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

NVDcisco/ata_191_firmware< 12.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-8vcm-p6g6-xjqp: A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote2024-10-16
CVEList
Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability2024-10-16

📋Vendor Advisories

1
Cisco
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities2024-10-16
CVE-2024-20463 (HIGH CVSS 7.1) | A vulnerability in the web-based ma | cvebase.io