Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday announced spots for 8 weakness in the firmware of ATA 190 collection analog telephone adapters, featuring 2 high-severity problems triggering arrangement changes and also cross-site request imitation (CSRF) assaults.Influencing the online monitoring interface of the firmware and tracked as CVE-2024-20458, the initial bug exists considering that details HTTP endpoints are without authorization, making it possible for remote, unauthenticated opponents to explore to a certain link as well as view or delete arrangements, or even customize the firmware.The 2nd issue, tracked as CVE-2024-20421, allows remote, unauthenticated assaulters to administer CSRF assaults and also carry out arbitrary actions on at risk units. An opponent can easily manipulate the protection defect by encouraging a customer to click on a crafted web link.Cisco also patched a medium-severity vulnerability (CVE-2024-20459) that could possibly allow distant, validated aggressors to perform random commands along with origin advantages.The remaining 5 surveillance defects, all tool seriousness, can be made use of to administer cross-site scripting (XSS) assaults, perform random commands as root, scenery passwords, tweak tool setups or even reboot the gadget, as well as run orders with manager opportunities.Depending on to Cisco, ATA 191 (on-premises or even multiplatform) and also ATA 192 (multiplatform) gadgets are influenced. While there are actually no workarounds offered, turning off the web-based management user interface in the Cisco ATA 191 on-premises firmware minimizes 6 of the problems.Patches for these bugs were consisted of in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and also firmware model 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco likewise declared patches for 2 medium-severity surveillance flaws in the UCS Central Software enterprise monitoring answer and also the Unified Contact Center Monitoring Website (Unified CCMP) that can bring about sensitive information disclosure and also XSS assaults, respectively.Advertisement. Scroll to proceed reading.Cisco creates no reference of some of these weakness being actually made use of in the wild. Added information may be located on the firm's security advisories webpage.Related: Splunk Company Update Patches Remote Code Execution Vulnerabilities.Connected: ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Contact, CERT@VDE.Associated: Cisco to Acquire Network Knowledge Agency ThousandEyes.Associated: Cisco Patches Crucial Weakness in Best Infrastructure (PRIVATE EYE) Software Application.