Cisco ATA 190 Multiplatform Series Analog Telephone Adapter Vulnerability
CVE-2024-20459

7.2HIGH

Key Information:

Vendor: Cisco
Status: Ata 191 Firmware
Vendor: CVE Published:; 16 October 2024

Summary

A vulnerability exists in the web-based management interface of the Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware. This issue stems from inadequate input sanitization, which could permit an authenticated remote attacker with elevated privileges to execute arbitrary commands as the root user on the underlying operating system. By crafting a malicious request directed at the affected management interface, attackers may exploit this vulnerability to gain unauthorized access and control, posing significant risks to system integrity and security.

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2024