Cisco has disclosed a number of vulnerabilities affecting its ATA 190 Collection Analog Phone Adapter firmware, posing vital consumer dangers.
These vulnerabilities may enable distant attackers to execute unauthorized actions, together with distant code execution, configuration adjustments, and so on. Right here’s an in depth breakdown of the vulnerabilities and their potential affect.
Abstract of Vulnerabilities
Cisco’s advisory highlights a number of vulnerabilities within the ATA 190 Collection Analog Phone Adapter firmware, each on-premises and multiplatform. These vulnerabilities embrace:
- Distant Code Execution: Attackers can execute instructions as the basis consumer.
- Cross-site scripting (XSS): Permits attackers to inject malicious scripts.
- Cross-Web site Request Forgery (CSRF): Allows attackers to carry out actions on behalf of customers.
- Configuration Modifications: Unauthorized customers can alter machine configurations.
- Data Disclosure: Attackers can view delicate info like passwords.
Free Webinar on Tips on how to Shield Small Companies Towards Superior Cyberthreats -> Watch Right here
A number of CVE entries, together with CVE-2024-20420, CVE-2024-20421, and CVE-2024-20458, determine the vulnerabilities.
The Frequent Vulnerability Scoring System (CVSS) scores for these points vary from 5.4 to eight.2, indicating medium to excessive severity.
Affected Merchandise
The vulnerabilities affect the next Cisco merchandise if they’re operating susceptible firmware variations:
- ATA 191: Each on-premises and multiplatform variations.
- ATA 192: Multiplatform model solely.
Cisco has confirmed that no different merchandise are affected by these vulnerabilities.
Particulars of Particular Vulnerabilities
CVE-2024-20458: Authentication Vulnerability
This vulnerability permits unauthenticated distant attackers to view or delete configurations or change the firmware through particular HTTP endpoints. Because of a scarcity of authentication, it has a CVSS rating of 8.2, making it extremely essential.
CVE-2024-20420: Cisco ATA 190 Collection Privilege Escalation Vulnerability
A vulnerability within the web-based administration interface of Cisco ATA 190 Collection Analog Phone Adapter firmware permits authenticated distant attackers with low privileges to execute instructions as an Admin consumer.
This problem arises from incorrect authorization verification by the HTTP server. Exploitation includes sending a malicious request to the administration interface, doubtlessly enabling attackers to realize admin-level command execution.
CVE-2024-20421: CSRF Vulnerability
An inadequate CSRF safety mechanism permits attackers to carry out arbitrary actions on affected units by tricking customers into following crafted hyperlinks. This vulnerability has a CVSS rating of seven.1.
Presently, there are not any workarounds for these vulnerabilities. Nonetheless, Cisco has mitigated some points within the ATA 191 on-premises firmware by disabling the web-based administration interface, which is disabled by default.
Fastened Software program
Cisco has launched firmware updates addressing these vulnerabilities. Customers are urged to improve to safe their units:
- ATA 191: Improve from model 12.0.1 or earlier to 12.0.2.
- ATA 191 and 192 Multiplatform: Improve from model 11.2.4 or earlier to 11.2.5.
Cisco gives free software program updates for patrons with out service contracts via their Technical Help Middle (TAC).
The invention of those vulnerabilities underscores the significance of normal software program updates and vigilance in cybersecurity practices.
Organizations utilizing Cisco ATA 190 Collection units ought to prioritize upgrading their firmware to mitigate potential dangers related to these vulnerabilities.
Tips on how to Select an final Managed SIEM answer for Your Safety Crew -> Obtain Free Information (PDF)