CVE-2024-20462
Vulnerability from cvelistv5
Published
2024-10-16 16:16
Modified
2024-10-31 13:17
Severity ?
EPSS score ?
Summary
Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco Analog Telephone Adaptor (ATA) Software |
Version: 11.1.0 Version: 11.1.0 MSR1 Version: 11.1.0 MSR2 Version: 11.1.0 MSR3 Version: 11.1.0 MSR4 Version: 11.2.1 Version: 11.2.2 Version: 11.2.2 MSR1 Version: 11.2.3 Version: 11.2.4 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20462", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-16T17:41:24.679908Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T13:17:38.967Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco Analog Telephone Adaptor (ATA) Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "11.1.0" }, { "status": "affected", "version": "11.1.0 MSR1" }, { "status": "affected", "version": "11.1.0 MSR2" }, { "status": "affected", "version": "11.1.0 MSR3" }, { "status": "affected", "version": "11.1.0 MSR4" }, { "status": "affected", "version": "11.2.1" }, { "status": "affected", "version": "11.2.2" }, { "status": "affected", "version": "11.2.2 MSR1" }, { "status": "affected", "version": "11.2.3" }, { "status": "affected", "version": "11.2.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.\r\n\r\nThis vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-257", "description": "Storing Passwords in a Recoverable Format", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T16:16:44.345Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ata19x-multi-RDTEqRsy", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy" } ], "source": { "advisory": "cisco-sa-ata19x-multi-RDTEqRsy", "defects": [ "CSCwf28398" ], "discovery": "INTERNAL" }, "title": "Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20462", "datePublished": "2024-10-16T16:16:44.345Z", "dateReserved": "2023-11-08T15:08:07.680Z", "dateUpdated": "2024-10-31T13:17:38.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-20462\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2024-10-16T17:15:15.357\",\"lastModified\":\"2024-10-31T14:35:08.380\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.\\r\\n\\r\\nThis vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del adaptador telef\u00f3nico anal\u00f3gico multiplataforma Cisco ATA 190 Series podr\u00eda permitir que un atacante local autenticado con privilegios bajos vea las contrase\u00f1as en un dispositivo afectado. Esta vulnerabilidad se debe a una desinfecci\u00f3n incorrecta del contenido HTML de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante vea las contrase\u00f1as que pertenecen a otros usuarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-257\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"E464918E-6409-4ACC-B27A-ECD7A5A5ABF8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:*\",\"matchCriteriaId\":\"2BBB1A29-ABF8-4F79-A436-A416FAF4E7A9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.5\",\"matchCriteriaId\":\"8FA479CC-10DC-4B3A-A869-7E0CCD02C959\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:*\",\"matchCriteriaId\":\"B0C232BB-005C-4E04-9B99-2B01AC8E8BA1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.5\",\"matchCriteriaId\":\"7B66D888-565A-4EB1-B19B-594B302AAA72\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:*\",\"matchCriteriaId\":\"00A3390F-594D-4DB2-96EC-04D0D73C9421\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.