Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday announced spots for eight weakness in the firmware of ATA 190 set analog telephone adapters, consisting of two high-severity problems causing configuration improvements and cross-site request forgery (CSRF) assaults.Influencing the web-based management user interface of the firmware and tracked as CVE-2024-20458, the very first bug exists considering that particular HTTP endpoints are without verification, making it possible for remote control, unauthenticated opponents to browse to a particular link and also scenery or erase setups, or tweak the firmware.The 2nd problem, tracked as CVE-2024-20421, enables remote, unauthenticated attackers to carry out CSRF attacks and conduct random actions on susceptible units. An assaulter can easily capitalize on the surveillance defect through persuading a consumer to click a crafted web link.Cisco additionally patched a medium-severity susceptibility (CVE-2024-20459) that could make it possible for remote, validated assaulters to carry out arbitrary demands along with root opportunities.The continuing to be five protection problems, all medium extent, might be manipulated to carry out cross-site scripting (XSS) assaults, implement random orders as root, viewpoint passwords, change tool configurations or even reboot the device, and also function demands along with manager advantages.According to Cisco, ATA 191 (on-premises or multiplatform) and also ATA 192 (multiplatform) tools are actually affected. While there are no workarounds accessible, turning off the online control interface in the Cisco ATA 191 on-premises firmware alleviates 6 of the flaws.Patches for these bugs were actually included in firmware model 12.0.2 for the ATA 191 analog telephone adapters, as well as firmware version 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco likewise announced patches for pair of medium-severity safety problems in the UCS Central Software organization management option and the Unified Get In Touch With Facility Control Portal (Unified CCMP) that could cause sensitive details disclosure and XSS attacks, respectively.Advertisement. Scroll to continue analysis.Cisco makes no mention of any one of these weakness being actually manipulated in bush. Additional information could be discovered on the provider's safety advisories web page.Connected: Splunk Venture Update Patches Remote Code Implementation Vulnerabilities.Associated: ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Az Connect With, CERT@VDE.Associated: Cisco to Get Network Knowledge Organization ThousandEyes.Connected: Cisco Patches Important Weakness in Prime Framework (PI) Software Program.