CVE-2024-20463
7.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Exploitability: 2.8 / Impact: 4.2
Source: NVD
Description
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device.
This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition.
Affected (3)
Products: Cisco: Ata 191 Firmware, Ata 192 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 12.0.2 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Ata 191 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 11.2.5 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Ata 191 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 11.2.5 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Ata 192 | All versions |
Related CWEs
CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
References (1)
Source: psirt@cisco.com
Vendor Advisory