Cisco ATA 192 Firmware vulnerabilities
14 known vulnerabilities affecting cisco/ata_192_firmware.
Total CVEs: 14
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 8
Vulnerabilities
CVE-2024-20459 | HIGH | CVSS 7.2 | fixed in 11.2.5 | 2024-10-16
[MEDIUM] CWE-78
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system.
This vulnerability is due to a lack of input sanitization in the web-based
nvd
CVE-2024-20420 | HIGH | CVSS 8.8 | fixed in 11.2.5 | 2024-10-16
[MEDIUM] CWE-250
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user.
This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by send
nvd
CVE-2024-20458 | HIGH | CVSS 8.2 | fixed in 11.2.5 | 2024-10-16
[HIGH] CWE-78
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device.
This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit thi
nvd
CVE-2024-20463 | HIGH | CVSS 7.1 | fixed in 11.2.5 | 2024-10-16
[MEDIUM] CWE-305
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device.
This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by
nvd
CVE-2024-20462 | MEDIUM | CVSS 5.5 | fixed in 11.2.5 | 2024-10-16
[MEDIUM] CWE-257
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.
This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit coul
nvd
CVE-2024-20460 | MEDIUM | CVSS 6.1 | fixed in 11.2.5 | 2024-10-16
[MEDIUM] CWE-80
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by pe
nvd
CVE-2024-20461 | MEDIUM | CVSS 6.0 | fixed in 11.2.5 | 2024-10-16
[MEDIUM] CWE-78
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user.
This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to t
nvd
CVE-2024-20421 | MEDIUM | CVSS 6.5 | fixed in 11.2.5 | 2024-10-16
[HIGH] CWE-352
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
This vulnerability is due to insufficient CSRF protections for the web-based manageme
nvd
CVE-2022-20689 | HIGH | CVSS 8.8 | fixed in 11.2.2 | 2022-12-12
[MEDIUM] CWE-130
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.
These vulnerabilities are due to missing length validation checks when processing Cisco Discovery
nvd
CVE-2022-20690 | HIGH | CVSS 8.8 | fixed in 11.2.2 | 2022-12-12
[MEDIUM] CWE-130
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.
These vulnerabilities are due to missing length validation checks when processing Cisco Discovery
nvd
CVE-2022-20687 | MEDIUM | CVSS 5.3 | fixed in 11.2.2 | 2022-12-12
[MEDIUM] CWE-120
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.
These vulnerabilities are due to missing length validation of certain LLDP p
nvd
CVE-2022-20686 | MEDIUM | CVSS 5.3 | fixed in 11.2.2 | 2022-12-12
[MEDIUM] CWE-130
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.
These vulnerabilities are due to missing length validation of certain LLDP p
nvd
CVE-2022-20691 | MEDIUM | CVSS 6.5 | fixed in 11.2.2 | 2022-12-12
[MEDIUM] CWE-400
A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device.
This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could
nvd
CVE-2022-20688 | MEDIUM | CVSS 5.3 | fixed in 11.2.2 | 2022-12-12
[MEDIUM] CWE-125
A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart.
This vulnerability is due to missing length validation of certain Cisco Discover
nvd