Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday introduced patches for 8 weakness in the firmware of ATA 190 series analog telephone adapters, including pair of high-severity problems triggering setup modifications and cross-site ask for forgery (CSRF) assaults.Affecting the web-based management interface of the firmware as well as tracked as CVE-2024-20458, the 1st bug exists given that particular HTTP endpoints lack authentication, enabling remote control, unauthenticated attackers to search to a particular URL and viewpoint or erase setups, or even modify the firmware.The second concern, tracked as CVE-2024-20421, enables remote, unauthenticated attackers to perform CSRF strikes and also do arbitrary actions on prone devices. An attacker can manipulate the security problem through convincing a user to click a crafted link.Cisco likewise patched a medium-severity vulnerability (CVE-2024-20459) that could make it possible for remote control, authenticated assailants to carry out approximate demands along with root privileges.The staying 5 safety defects, all medium intensity, might be manipulated to carry out cross-site scripting (XSS) strikes, carry out approximate commands as origin, viewpoint security passwords, modify unit configurations or reboot the tool, as well as work commands along with manager privileges.Depending on to Cisco, ATA 191 (on-premises or multiplatform) and also ATA 192 (multiplatform) units are influenced. While there are no workarounds offered, turning off the web-based control user interface in the Cisco ATA 191 on-premises firmware minimizes 6 of the defects.Patches for these bugs were featured in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and firmware variation 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco also declared patches for pair of medium-severity security flaws in the UCS Central Software venture monitoring answer and the Unified Contact Center Administration Portal (Unified CCMP) that might trigger sensitive details acknowledgment and XSS strikes, respectively.Advertisement. Scroll to continue analysis.Cisco creates no mention of any one of these susceptibilities being actually made use of in bush. Extra details may be found on the company's safety advisories webpage.Connected: Splunk Organization Update Patches Remote Code Completion Vulnerabilities.Associated: ICS Spot Tuesday: Advisories Posted through Siemens, Schneider, Phoenix Contact, CERT@VDE.Connected: Cisco to Buy System Intellect Company ThousandEyes.Related: Cisco Patches Important Susceptabilities in Best Framework (PRIVATE EYE) Program.