CVE-2019-12704

Name of the Vulnerable Software and Affected Versions Cisco SPA100 Series Analog Telephone Adapters (ATAs) (affected versions not specified)

Description The issue is related to improper input validation in the web-based management interface, allowing an authenticated, remote attacker to view the contents of arbitrary files on an affected device. This could be achieved by sending a crafted request to the web-based management interface, potentially resulting in the disclosure of sensitive information.

Recommendations For Cisco SPA100 Series Analog Telephone Adapters (ATAs), consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. Avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.