cnvd - cnvd-2019-36891

cnvd-2019-36891

Vulnerability from cnvd

Title: Cisco SPA100远程代码执行漏洞（CNVD-2019-36891）

Description:

Cisco SPA100系列是Cisco推出的模拟电话适配器，可让您的标准模拟电话通过RJ-11电话端口接入互联网电话服务。

固件为1.4.1 SR4及更早版本的Cisco SPA100系列存在远程代码执行漏洞。该漏洞源于对用户提供的输入验证不当。攻击者可通过发送特制请求利用该漏洞以提升的权限执行任意代码。

Severity: 中

Patch Name: Cisco SPA100远程代码执行漏洞（CNVD-2019-36891）的补丁

Patch Description:

Cisco SPA100系列是Cisco推出的模拟电话适配器，可让您的标准模拟电话通过RJ-11电话端口接入互联网电话服务。

固件为1.4.1 SR4及更早版本的Cisco SPA100系列存在远程代码执行漏洞。该漏洞源于对用户提供的输入验证不当。攻击者可通过发送特制请求利用该漏洞以提升的权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce

Impacted products

Name
['Cisco SPA112 <=1.4.1 SR4', 'Cisco SPA122 ATA with Router <=1.4.1 SR4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15241",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-15241"
    }
  },
  "description": "Cisco SPA100\u7cfb\u5217\u662fCisco\u63a8\u51fa\u7684\u6a21\u62df\u7535\u8bdd\u9002\u914d\u5668\uff0c\u53ef\u8ba9\u60a8\u7684\u6807\u51c6\u6a21\u62df\u7535\u8bdd\u901a\u8fc7RJ-11\u7535\u8bdd\u7aef\u53e3\u63a5\u5165\u4e92\u8054\u7f51\u7535\u8bdd\u670d\u52a1\u3002\n\n\u56fa\u4ef6\u4e3a1.4.1 SR4\u53ca\u66f4\u65e9\u7248\u672c\u7684Cisco SPA100\u7cfb\u5217\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-36891",
  "openTime": "2019-10-23",
  "patchDescription": "Cisco SPA100\u7cfb\u5217\u662fCisco\u63a8\u51fa\u7684\u6a21\u62df\u7535\u8bdd\u9002\u914d\u5668\uff0c\u53ef\u8ba9\u60a8\u7684\u6807\u51c6\u6a21\u62df\u7535\u8bdd\u901a\u8fc7RJ-11\u7535\u8bdd\u7aef\u53e3\u63a5\u5165\u4e92\u8054\u7f51\u7535\u8bdd\u670d\u52a1\u3002\r\n\r\n\u56fa\u4ef6\u4e3a1.4.1 SR4\u53ca\u66f4\u65e9\u7248\u672c\u7684Cisco SPA100\u7cfb\u5217\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco SPA100\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2019-36891\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco SPA112 \u003c=1.4.1 SR4",
      "Cisco SPA122 ATA with Router \u003c=1.4.1 SR4"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-17",
  "title": "Cisco SPA100\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2019-36891\uff09"
}

CVE-2019-15241 (GCVE-0-2019-15241)

Vulnerability from cvelistv5

Published

2019-10-16 18:36

Modified

2024-11-20 17:06

Severity ?

8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119

Summary

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco SPA112 2-Port Phone Adapter	Version: unspecified < n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20191016 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-15241",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T16:51:07.055031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T17:06:40.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SPA112 2-Port Phone Adapter",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T18:36:31",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20191016 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20191016-spa-rce",
        "defect": [
          [
            "CSCvq50494"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-10-16T16:00:00-0700",
          "ID": "CVE-2019-15241",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SPA112 2-Port Phone Adapter",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.0",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20191016 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20191016-spa-rce",
          "defect": [
            [
              "CSCvq50494"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-15241",
    "datePublished": "2019-10-16T18:36:31.414229Z",
    "dateReserved": "2019-08-20T00:00:00",
    "dateUpdated": "2024-11-20T17:06:40.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted