Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday revealed spots for 8 weakness in the firmware of ATA 190 collection analog telephone adapters, featuring two high-severity problems leading to arrangement improvements and cross-site demand forgery (CSRF) attacks.Affecting the web-based administration interface of the firmware as well as tracked as CVE-2024-20458, the initial bug exists given that certain HTTP endpoints lack verification, permitting remote, unauthenticated assaulters to surf to a details URL and also viewpoint or erase arrangements, or modify the firmware.The second issue, tracked as CVE-2024-20421, allows remote, unauthenticated attackers to carry out CSRF assaults and conduct random activities on prone devices. An opponent may capitalize on the safety problem by persuading a consumer to select a crafted web link.Cisco also covered a medium-severity weakness (CVE-2024-20459) that could permit remote, authenticated assailants to implement random commands with origin privileges.The remaining five protection flaws, all channel intensity, may be manipulated to perform cross-site scripting (XSS) assaults, execute random orders as root, view security passwords, change unit configurations or reboot the tool, and run commands with supervisor benefits.According to Cisco, ATA 191 (on-premises or even multiplatform) and ATA 192 (multiplatform) tools are actually influenced. While there are actually no workarounds on call, turning off the web-based administration user interface in the Cisco ATA 191 on-premises firmware relieves six of the defects.Patches for these bugs were actually featured in firmware model 12.0.2 for the ATA 191 analog telephone adapters, as well as firmware version 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco additionally announced spots for pair of medium-severity protection problems in the UCS Central Software organization management option and also the Unified Connect With Facility Management Site (Unified CCMP) that could bring about delicate information declaration and also XSS attacks, respectively.Advertisement. Scroll to continue reading.Cisco creates no acknowledgment of any one of these vulnerabilities being exploited in the wild. Added information could be found on the company's security advisories web page.Associated: Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities.Connected: ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Az Connect With, CERT@VDE.Connected: Cisco to Purchase Network Intellect Firm ThousandEyes.Connected: Cisco Patches Critical Weakness in Top Structure (PRIVATE DETECTIVE) Program.