A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device.
This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
22 Oct 2024, 18:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy - Vendor Advisory | |
CPE | cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:* cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:* cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:* cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Cisco
Cisco ata 192 Cisco ata 192 Firmware Cisco ata 191 Cisco ata 191 Firmware |
18 Oct 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-16 17:15
Updated : 2024-10-22 18:03
NVD link : CVE-2024-20458
Mitre link : CVE-2024-20458
CVE.ORG link : CVE-2024-20458
JSON object : View
Products Affected
cisco
- ata_192
- ata_192_firmware
- ata_191
- ata_191_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')