Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday revealed spots for eight susceptibilities in the firmware of ATA 190 set analog telephone adapters, consisting of two high-severity problems leading to configuration modifications and also cross-site request forgery (CSRF) assaults.Affecting the web-based management user interface of the firmware and tracked as CVE-2024-20458, the initial bug exists since certain HTTP endpoints are without authentication, enabling remote, unauthenticated attackers to surf to a details URL and also view or remove arrangements, or change the firmware.The second problem, tracked as CVE-2024-20421, permits remote control, unauthenticated opponents to conduct CSRF assaults and execute random activities on susceptible units. An aggressor can manipulate the surveillance issue by persuading a user to click on a crafted link.Cisco additionally covered a medium-severity vulnerability (CVE-2024-20459) that might allow distant, verified assailants to perform arbitrary commands along with root privileges.The staying five safety and security issues, all channel seriousness, may be exploited to administer cross-site scripting (XSS) assaults, carry out approximate commands as root, perspective security passwords, customize device setups or reboot the tool, and also work commands with administrator privileges.According to Cisco, ATA 191 (on-premises or even multiplatform) and also ATA 192 (multiplatform) tools are influenced. While there are no workarounds offered, turning off the online management interface in the Cisco ATA 191 on-premises firmware minimizes 6 of the defects.Patches for these bugs were actually included in firmware variation 12.0.2 for the ATA 191 analog telephone adapters, as well as firmware version 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco likewise introduced patches for pair of medium-severity surveillance issues in the UCS Central Software business administration remedy as well as the Unified Call Facility Management Portal (Unified CCMP) that can trigger sensitive details declaration as well as XSS assaults, respectively.Advertisement. Scroll to carry on reading.Cisco creates no reference of some of these susceptibilities being actually exploited in bush. Extra details can be located on the provider's safety and security advisories web page.Related: Splunk Venture Update Patches Remote Code Completion Vulnerabilities.Connected: ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Phoenix Connect With, CERT@VDE.Associated: Cisco to Buy System Intelligence Firm ThousandEyes.Associated: Cisco Patches Critical Susceptibilities in Perfect Structure (PRIVATE EYE) Software Program.