Cisco ATA 190 Series Analog Telephone Adapter Vulnerability: Remote Configuration Modification and Reboot Possible
CVE-2024-20463

7.1 HIGH

Key Information:

Vendor: Cisco
CVE Published: 16 October 2024

Badges

👾 Exploit Exists

Summary

A weakness in the web-based management interface of Cisco's ATA 190 Series Analog Telephone Adapter firmware permits an unauthenticated, remote adversary to alter the device configuration or initiate a reboot. The issue stems from the HTTP server's improper handling of state changes in GET requests: an attacker can exploit it by sending a malicious request to the management interface. A successful exploit may result in limited configuration changes or a device reboot, potentially leading to a denial of service (DoS) condition.

Affected Version(s)

Cisco Analog Telephone Adaptor (ATA) Software 12.0.1 SR2

Cisco Analog Telephone Adaptor (ATA) Software 11.1.0

Cisco Analog Telephone Adaptor (ATA) Software 12.0.1 SR1

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published