1. CVE-Search
  2. CVE-2019-15258
ID CVE-2019-15258
Summary A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:spa112_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa112_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa112_firmware:1.4.1:-:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa112_firmware:1.4.1:-:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr1:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr1:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr2:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr2:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr3:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr3:*:*:*:*:*:*
  • cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa122_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa122_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa122_firmware:1.4.1:-:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa122_firmware:1.4.1:-:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr1:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr1:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr2:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr2:*:*:*:*:*:*
  • cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr3:*:*:*:*:*:*
    cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr3:*:*:*:*:*:*
  • cpe:2.3:h:cisco:spa122:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:spa122:-:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 09-10-2020 - 12:39)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
refmap via4
cisco 20191016 Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability
misc https://www.tenable.com/security/research/tra-2019-44
Last major update 09-10-2020 - 12:39
Published 16-10-2019 - 19:15
Last modified 09-10-2020 - 12:39
Back to Top