Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday introduced patches for 8 weakness in the firmware of ATA 190 collection analog telephone adapters, featuring two high-severity flaws resulting in setup changes and also cross-site ask for forgery (CSRF) assaults.Impacting the online management user interface of the firmware as well as tracked as CVE-2024-20458, the first bug exists because certain HTTP endpoints are without verification, enabling remote control, unauthenticated aggressors to browse to a details link and perspective or delete arrangements, or even change the firmware.The 2nd problem, tracked as CVE-2024-20421, allows distant, unauthenticated enemies to perform CSRF assaults as well as carry out arbitrary activities on prone units. An opponent may manipulate the safety problem by persuading a consumer to select a crafted hyperlink.Cisco likewise covered a medium-severity vulnerability (CVE-2024-20459) that could possibly permit remote, validated aggressors to carry out arbitrary orders with origin advantages.The staying 5 protection problems, all channel extent, might be manipulated to conduct cross-site scripting (XSS) strikes, perform arbitrary orders as root, perspective passwords, customize gadget setups or reboot the gadget, as well as operate orders with administrator opportunities.According to Cisco, ATA 191 (on-premises or even multiplatform) and ATA 192 (multiplatform) units are influenced. While there are no workarounds on call, disabling the web-based monitoring interface in the Cisco ATA 191 on-premises firmware relieves six of the problems.Patches for these bugs were featured in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and firmware version 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco likewise announced spots for pair of medium-severity safety problems in the UCS Central Software application company management answer as well as the Unified Get In Touch With Facility Monitoring Site (Unified CCMP) that can bring about vulnerable info declaration and XSS attacks, respectively.Advertisement. Scroll to proceed reading.Cisco makes no reference of some of these susceptabilities being actually made use of in the wild. Added info could be discovered on the company's safety advisories webpage.Associated: Splunk Company Update Patches Remote Code Completion Vulnerabilities.Connected: ICS Spot Tuesday: Advisories Published through Siemens, Schneider, Phoenix Az Connect With, CERT@VDE.Related: Cisco to Acquire System Intellect Firm ThousandEyes.Connected: Cisco Patches Critical Weakness in Excellent Framework (PI) Software Application.