Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability
CVE-2019-12704

6.5MEDIUM

Key Information:

Vendor
Cisco
Vendor
CVE Published:
16 October 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information.

Affected Version(s)

Cisco SPA112 2-Port Phone Adapter < unspecified

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.