Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday introduced patches for 8 weakness in the firmware of ATA 190 series analog telephone adapters, consisting of pair of high-severity flaws triggering configuration adjustments and also cross-site demand bogus (CSRF) strikes.Impacting the web-based control interface of the firmware as well as tracked as CVE-2024-20458, the initial bug exists considering that details HTTP endpoints do not have authentication, permitting distant, unauthenticated assaulters to scan to a particular link and perspective or even delete setups, or even change the firmware.The 2nd issue, tracked as CVE-2024-20421, makes it possible for remote, unauthenticated opponents to administer CSRF attacks and execute approximate actions on at risk units. An enemy may manipulate the security issue by enticing an individual to click a crafted web link.Cisco also patched a medium-severity susceptability (CVE-2024-20459) that could allow remote, confirmed attackers to execute arbitrary orders along with origin privileges.The remaining five surveillance issues, all channel extent, may be exploited to perform cross-site scripting (XSS) attacks, carry out arbitrary orders as root, sight passwords, tweak device configurations or reboot the tool, and also operate commands along with supervisor opportunities.According to Cisco, ATA 191 (on-premises or even multiplatform) as well as ATA 192 (multiplatform) gadgets are actually influenced. While there are no workarounds accessible, disabling the online monitoring interface in the Cisco ATA 191 on-premises firmware minimizes six of the imperfections.Patches for these bugs were featured in firmware variation 12.0.2 for the ATA 191 analog telephone adapters, and also firmware version 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco likewise declared spots for pair of medium-severity safety and security problems in the UCS Central Software application enterprise control service and also the Unified Connect With Facility Administration Gateway (Unified CCMP) that could possibly cause delicate information disclosure as well as XSS strikes, respectively.Advertisement. Scroll to carry on reading.Cisco creates no mention of some of these susceptabilities being actually exploited in bush. Added information can be found on the provider's safety and security advisories page.Related: Splunk Enterprise Update Patches Remote Code Implementation Vulnerabilities.Related: ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Call, CERT@VDE.Associated: Cisco to Acquire System Intelligence Organization ThousandEyes.Associated: Cisco Patches Essential Weakness in Top Structure (PRIVATE EYE) Program.

Articles You Can Be Interested In