Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday introduced spots for eight vulnerabilities in the firmware of ATA 190 collection analog telephone adapters, featuring two high-severity imperfections triggering configuration modifications as well as cross-site demand forgery (CSRF) attacks.Affecting the online administration user interface of the firmware and also tracked as CVE-2024-20458, the 1st bug exists considering that specific HTTP endpoints lack authentication, allowing remote control, unauthenticated assailants to browse to a details link and also sight or even remove setups, or even customize the firmware.The 2nd issue, tracked as CVE-2024-20421, permits distant, unauthenticated assailants to carry out CSRF assaults and carry out arbitrary activities on susceptible devices. An assaulter can exploit the protection flaw by convincing a consumer to select a crafted web link.Cisco likewise patched a medium-severity weakness (CVE-2024-20459) that could allow remote, verified opponents to perform approximate commands with root privileges.The remaining five safety problems, all channel intensity, can be made use of to carry out cross-site scripting (XSS) assaults, implement approximate demands as origin, viewpoint passwords, customize device arrangements or reboot the tool, and also operate demands with supervisor advantages.Depending on to Cisco, ATA 191 (on-premises or even multiplatform) and also ATA 192 (multiplatform) units are impacted. While there are actually no workarounds offered, disabling the web-based monitoring user interface in the Cisco ATA 191 on-premises firmware mitigates 6 of the imperfections.Patches for these bugs were actually featured in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and firmware model 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco additionally announced spots for 2 medium-severity security issues in the UCS Central Software organization monitoring option and also the Unified Connect With Facility Monitoring Portal (Unified CCMP) that might result in delicate relevant information declaration and XSS assaults, respectively.Advertisement. Scroll to proceed reading.Cisco makes no mention of any one of these weakness being actually exploited in the wild. Extra details can be located on the firm's protection advisories webpage.Connected: Splunk Business Update Patches Remote Code Implementation Vulnerabilities.Related: ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Phoenix Metro Get In Touch With, CERT@VDE.Connected: Cisco to Purchase Network Intelligence Company ThousandEyes.Related: Cisco Patches Essential Susceptibilities in Best Facilities (PI) Software.