CVE-2019-12703

Name of the Vulnerable Software and Affected Versions Cisco SPA122 ATA (affected versions not specified)

Description The issue exists due to insufficient protection of the web page structure in the web-based management interface. An attacker could exploit this by sending specially crafted DHCP requests and persuading a user to click a crafted link, potentially allowing the execution of arbitrary code or access to confidential information. The vulnerability can also be exploited through cross-site scripting attacks due to insufficient validation of user-supplied input.

Recommendations For Cisco SPA122 ATA, consider disabling the web-based management interface until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of exploitation through crafted DHCP requests and malicious links. Avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.