Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

Cisco on Wednesday announced patches for eight vulnerabilities in the firmware of ATA 190 series analog telephone adapters, including two high-severity flaws leading to configuration changes and cross-site request forgery (CSRF) attacks.

Affecting the web-based management interface of the firmware and tracked as CVE-2024-20458, the first bug exists because certain HTTP endpoints lack authorization, allowing remote, unauthenticated attackers to browse to a specific URL and view or delete configurations, or change the firmware.

The second issue, tracked as CVE-2024-20421, allows remote, unauthenticated attackers to conduct CSRF attacks and perform arbitrary actions on vulnerable devices. An attacker can exploit the security defect by persuading a user to click on a crafted link.

Cisco also patched a medium-severity vulnerability (CVE-2024-20459) that could allow remote, authenticated attackers to execute arbitrary commands with root privileges.

The remaining five security defects, all medium severity, could be exploited to conduct cross-site scripting (XSS) attacks, execute arbitrary commands as root, view passwords, modify device configurations or reboot the device, and run commands with administrator privileges.

According to Cisco, ATA 191 (on-premises or multiplatform) and ATA 192 (multiplatform) devices are affected.

While there are no workarounds available, disabling the web-based management interface in the Cisco ATA 191 on-premises firmware mitigates six of the flaws.

Patches for these bugs were included in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and in firmware version 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.

On Wednesday, Cisco also announced patches for two medium-severity security defects in the UCS Central Software enterprise management solution and the Unified Contact Center Management Portal (Unified CCMP) that could lead to sensitive information disclosure and XSS attacks, respectively.

Cisco makes no mention of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company's security advisories page.