Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday announced patches for eight susceptabilities in the firmware of ATA 190 series analog telephone adapters, including 2 high-severity defects causing setup improvements as well as cross-site demand forgery (CSRF) assaults.Influencing the web-based control interface of the firmware as well as tracked as CVE-2024-20458, the very first bug exists given that specific HTTP endpoints lack authentication, allowing distant, unauthenticated assailants to search to a specific URL as well as sight or delete configurations, or even tweak the firmware.The second issue, tracked as CVE-2024-20421, makes it possible for remote control, unauthenticated attackers to conduct CSRF assaults and conduct random activities on vulnerable devices. An attacker can make use of the security defect through enticing a consumer to select a crafted link.Cisco additionally covered a medium-severity susceptability (CVE-2024-20459) that could allow remote, certified assaulters to execute random commands with origin benefits.The staying five surveillance problems, all channel severity, might be made use of to administer cross-site scripting (XSS) strikes, carry out random orders as origin, viewpoint codes, change unit setups or even reboot the tool, and also operate demands along with supervisor opportunities.According to Cisco, ATA 191 (on-premises or multiplatform) and ATA 192 (multiplatform) tools are actually had an effect on. While there are actually no workarounds readily available, disabling the online administration user interface in the Cisco ATA 191 on-premises firmware reduces 6 of the defects.Patches for these bugs were actually consisted of in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and also firmware version 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco likewise declared spots for two medium-severity safety defects in the UCS Central Software program venture monitoring remedy and the Unified Call Center Management Gateway (Unified CCMP) that might trigger vulnerable details acknowledgment and XSS assaults, respectively.Advertisement. Scroll to carry on reading.Cisco creates no acknowledgment of some of these vulnerabilities being actually capitalized on in the wild. Extra info may be discovered on the provider's surveillance advisories page.Connected: Splunk Company Update Patches Remote Code Completion Vulnerabilities.Connected: ICS Patch Tuesday: Advisories Posted through Siemens, Schneider, Phoenix Az Connect With, CERT@VDE.Related: Cisco to Purchase Network Knowledge Agency ThousandEyes.Connected: Cisco Patches Vital Susceptabilities in Main Commercial Infrastructure (PRIVATE DETECTIVE) Program.