Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday revealed spots for eight susceptabilities in the firmware of ATA 190 series analog telephone adapters, including pair of high-severity flaws bring about configuration modifications and cross-site request imitation (CSRF) attacks.Impacting the online administration interface of the firmware and tracked as CVE-2024-20458, the very first bug exists given that particular HTTP endpoints lack authorization, making it possible for remote, unauthenticated enemies to scan to a particular URL as well as viewpoint or remove arrangements, or modify the firmware.The second issue, tracked as CVE-2024-20421, makes it possible for remote, unauthenticated enemies to perform CSRF strikes and also perform approximate actions on susceptible gadgets. An assaulter may manipulate the security defect by enticing an individual to click on a crafted web link.Cisco additionally patched a medium-severity susceptibility (CVE-2024-20459) that could possibly permit remote, validated assaulters to execute approximate orders along with origin advantages.The continuing to be 5 safety and security defects, all tool intensity, might be made use of to administer cross-site scripting (XSS) assaults, perform arbitrary commands as root, perspective security passwords, customize tool configurations or reboot the tool, as well as work orders along with manager benefits.According to Cisco, ATA 191 (on-premises or even multiplatform) as well as ATA 192 (multiplatform) tools are actually had an effect on. While there are no workarounds available, disabling the web-based administration interface in the Cisco ATA 191 on-premises firmware reduces 6 of the defects.Patches for these bugs were included in firmware variation 12.0.2 for the ATA 191 analog telephone adapters, and firmware model 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco additionally revealed spots for pair of medium-severity safety and security issues in the UCS Central Software organization management option and the Unified Call Facility Control Portal (Unified CCMP) that could bring about delicate information disclosure and also XSS attacks, respectively.Advertisement. Scroll to proceed analysis.Cisco creates no reference of any of these vulnerabilities being exploited in bush. Extra details can be found on the company's safety and security advisories webpage.Connected: Splunk Organization Update Patches Remote Code Execution Vulnerabilities.Connected: ICS Spot Tuesday: Advisories Released by Siemens, Schneider, Phoenix Az Contact, CERT@VDE.Connected: Cisco to Acquire System Intelligence Organization ThousandEyes.Connected: Cisco Patches Critical Vulnerabilities in Perfect Framework (PI) Software Program.