Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday announced spots for eight susceptibilities in the firmware of ATA 190 series analog telephone adapters, featuring two high-severity problems triggering arrangement adjustments and also cross-site ask for forgery (CSRF) attacks.Impacting the online control user interface of the firmware and also tracked as CVE-2024-20458, the first bug exists since specific HTTP endpoints are without verification, enabling remote control, unauthenticated enemies to surf to a particular link and also view or even delete configurations, or tweak the firmware.The 2nd problem, tracked as CVE-2024-20421, allows remote control, unauthenticated opponents to carry out CSRF strikes and also carry out arbitrary activities on at risk devices. An assaulter may manipulate the security problem through convincing a user to click a crafted web link.Cisco likewise covered a medium-severity vulnerability (CVE-2024-20459) that could enable distant, certified enemies to carry out random orders with origin benefits.The remaining five safety flaws, all tool severeness, might be made use of to carry out cross-site scripting (XSS) strikes, implement random commands as root, perspective security passwords, tweak gadget arrangements or even reboot the gadget, and also operate commands with administrator privileges.According to Cisco, ATA 191 (on-premises or multiplatform) and also ATA 192 (multiplatform) gadgets are influenced. While there are actually no workarounds on call, turning off the online management interface in the Cisco ATA 191 on-premises firmware reduces 6 of the problems.Patches for these bugs were actually included in firmware model 12.0.2 for the ATA 191 analog telephone adapters, and firmware version 11.2.5 for the ATA 191 as well as 192 multiplatform analog telephone adapters.On Wednesday, Cisco also declared spots for pair of medium-severity security defects in the UCS Central Program organization administration service as well as the Unified Contact Facility Control Portal (Unified CCMP) that might result in delicate information declaration and XSS attacks, respectively.Advertisement. Scroll to proceed analysis.Cisco creates no mention of any of these susceptabilities being actually exploited in bush. Extra relevant information can be located on the provider's surveillance advisories web page.Connected: Splunk Enterprise Update Patches Remote Code Completion Vulnerabilities.Associated: ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Metro Get In Touch With, CERT@VDE.Connected: Cisco to Buy Network Knowledge Company ThousandEyes.Connected: Cisco Patches Essential Vulnerabilities in Top Infrastructure (PRIVATE EYE) Software Program.