PT-2024-7345 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Published
2024-10-16
·
Updated
2024-10-31
·
CVE-2024-20420
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Cisco ATA 190 Series Analog Telephone Adapter firmware (affected versions not specified)
Description:
A vulnerability in the web-based management interface could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This issue is due to incorrect authorization verification by the HTTP server. An attacker could exploit this by sending a malicious request to the web-based management interface, potentially allowing them to run commands as the Admin user.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Ata 190 Series Analog Telephone Adapter