Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday introduced patches for 8 vulnerabilities in the firmware of ATA 190 set analog telephone adapters, including pair of high-severity problems causing configuration modifications and cross-site demand forgery (CSRF) attacks.Impacting the web-based monitoring interface of the firmware as well as tracked as CVE-2024-20458, the 1st bug exists because details HTTP endpoints are without authentication, making it possible for remote, unauthenticated enemies to browse to a particular link as well as scenery or erase arrangements, or change the firmware.The 2nd concern, tracked as CVE-2024-20421, makes it possible for distant, unauthenticated opponents to perform CSRF attacks and also carry out random activities on vulnerable devices. An enemy can easily make use of the safety and security problem through enticing a customer to select a crafted hyperlink.Cisco additionally patched a medium-severity susceptibility (CVE-2024-20459) that could make it possible for remote, certified assailants to execute random demands along with root benefits.The remaining 5 surveillance problems, all medium seriousness, could be manipulated to perform cross-site scripting (XSS) strikes, carry out random commands as origin, view security passwords, modify tool setups or even reboot the unit, and work commands with manager privileges.According to Cisco, ATA 191 (on-premises or even multiplatform) and ATA 192 (multiplatform) gadgets are actually affected. While there are actually no workarounds on call, disabling the online management interface in the Cisco ATA 191 on-premises firmware reduces six of the imperfections.Patches for these bugs were featured in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and also firmware variation 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco additionally announced patches for pair of medium-severity protection defects in the UCS Central Software company control service and the Unified Contact Facility Monitoring Gateway (Unified CCMP) that could result in delicate info disclosure as well as XSS strikes, respectively.Advertisement. Scroll to proceed analysis.Cisco makes no mention of any of these weakness being actually manipulated in bush. Added details may be found on the company's safety advisories page.Related: Splunk Venture Update Patches Remote Code Execution Vulnerabilities.Connected: ICS Spot Tuesday: Advisories Published through Siemens, Schneider, Phoenix Metro Contact, CERT@VDE.Associated: Cisco to Acquire System Intelligence Company ThousandEyes.Related: Cisco Patches Critical Vulnerabilities in Best Facilities (PI) Software Application.