← Back

CVE-2019-12708

nvd nist
Published: Oct 16, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device.

Affected (10)

Cisco
2 products
Spa112 Firmware
Spa122 Firmware
Configuration A
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Spa112 Firmware
Before 1.4.1
Spa112 Firmware
Version 1.4.1
Spa112 Firmware
Version 1.4.1 sr1
Spa112 Firmware
Version 1.4.1 sr2
Spa112 Firmware
Version 1.4.1 sr3
Running on/withPlatform Versions
Cisco
Spa112
All versions
Configuration B
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Spa122 Firmware
Before 1.4.1
Spa122 Firmware
Version 1.4.1
Spa122 Firmware
Version 1.4.1 sr1
Spa122 Firmware
Version 1.4.1 sr2
Spa122 Firmware
Version 1.4.1 sr3
Running on/withPlatform Versions
Cisco
Spa122
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.