PT-2021-16749 · Adtran · Netvanta 7060+2
Casey Erdmann
·
Published
2021-04-20
·
Updated
2024-08-03
·
CVE-2021-25679
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AdTran Personal Phone Manager versions 10.8.1 and earlier
Description
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issue. This issue impacts versions 10.8.1 and below, and potentially later versions as well, since they have not previously been disclosed. The affected appliances, NetVanta 7060 and NetVanta 7100, are considered End of Life and will not be patched.
Recommendations
For versions 10.8.1 and earlier, as the affected appliances are End of Life and will not receive a patch, consider disabling the software or restricting access to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adtran Personal Phone Manager
Netvanta 7060
Netvanta 7100