Cisco Spa112 Firmware vulnerabilities

CVE-2023-20126 [CRITICAL] CWE-306 CVE-2023-20126: A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could al A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an

CVE-2019-15241 [HIGH] CWE-119 CVE-2019-15241: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15246 [HIGH] CWE-119 CVE-2019-15246: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15252 [HIGH] CWE-119 CVE-2019-15252: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15242 [HIGH] CWE-119 CVE-2019-15242: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15247 [HIGH] CWE-119 CVE-2019-15247: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15250 [HIGH] CWE-119 CVE-2019-15250: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15244 [HIGH] CWE-119 CVE-2019-15244: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15243 [HIGH] CWE-119 CVE-2019-15243: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15251 [HIGH] CWE-119 CVE-2019-15251: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15248 [HIGH] CWE-119 CVE-2019-15248: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15249 [HIGH] CWE-119 CVE-2019-15249: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15240 [HIGH] CWE-119 CVE-2019-15240: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-15245 [HIGH] CWE-119 CVE-2019-15245: Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an auth Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenti

CVE-2019-12704 [MEDIUM] CWE-200 CVE-2019-12704: A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapte A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerab

CVE-2019-15258 [MEDIUM] CWE-399 CVE-2019-15258: A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapte A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could ex

CVE-2019-12708 [MEDIUM] CWE-200 CVE-2019-12708: A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapte A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web

CVE-2019-15257 [MEDIUM] CWE-200 CVE-2019-15257: A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapte A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An attacker could exploit this vulnerability by sending a re

CVE-2019-12702 [MEDIUM] CWE-79 CVE-2019-12702: A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapte A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker coul

CVE-2019-1683 [HIGH] CWE-295 CVE-2019-1683: A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server cer