Vulnslist

Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities

cisco-sa-ata19x-multi-RDTEqRsy · High · Published · Updated

Multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmware, both on-premises and multiplatform, could allow a remote attacker to delete or change the configuration, execute commands as the root user, conduct a cross-site scripting (XSS) attack against a user of the interface, view passwords, conduct a cross-site request forgery (CSRF) attack, or reboot the device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released firmware updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. However, there is a mitigation that addresses some of these vulnerabilities for Cisco ATA 191 on-premises firmware only. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy

Workarounds

There are no workarounds that address these vulnerabilities. However, there is a mitigation for the following vulnerabilities only:

CVE-2024-20458, CVE-2024-20421, CVE-2024-20459, CVE-2024-20460, CVE-2024-20463, CVE-2024-20420

The web-based management interface can be disabled in the Cisco ATA 191 on-premises firmware. It is disabled by default. For more information, see the Security Guide for Cisco Unified Communications Manager: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1/cucm_b_security-guide-1251/cucm_b_security-guide-1251_chapter_01110.html#CUCM_RF_W6644052_00

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEs: CVE-2024-20420, CVE-2024-20421, CVE-2024-20458, CVE-2024-20459, CVE-2024-20460, CVE-2024-20461, CVE-2024-20462, CVE-2024-20463

Cisco Bug IDs: CSCwf28191, CSCwf28188, CSCwf28048, CSCwf28499, CSCwf28041, CSCwf28037, CSCwf28426, CSCwf28421, CSCwf28348, CSCwf28345, CSCwf28097, CSCwf28102, CSCwf28398, CSCwf28378, CSCwf30963

CVSS Score: Base 5.4

Base 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
Base 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Base 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Base 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L/E:X/RL:X/RC:X
Base 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:X/RL:X/RC:X
Base 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:X/RL:X/RC:X
Base 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Base 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Analog Telephone Adaptor (ATA) Software

Related Products

| Product | CVE | Evidence |
|---|---|---|
| Cisco Nexus Dashboard | CVE-2024-20463 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2024-20462 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2024-20461 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2024-20460 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2024-20459 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2024-20458 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2024-20421 | Cisco OpenVuln |
| Cisco Nexus Dashboard | CVE-2024-20420 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20463 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20462 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20461 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20460 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20459 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20458 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20421 | Cisco OpenVuln |
| Cisco MDS 9000 Family of Multilayer Switches | CVE-2024-20420 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20463 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20462 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20461 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20460 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20459 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20458 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20421 | Cisco OpenVuln |
| Cisco Analog Telephone Adaptor (ATA) Software | CVE-2024-20420 | Cisco OpenVuln |