Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday introduced spots for eight weakness in the firmware of ATA 190 series analog telephone adapters, including two high-severity imperfections triggering arrangement improvements as well as cross-site demand imitation (CSRF) attacks.Impacting the web-based management user interface of the firmware and also tracked as CVE-2024-20458, the 1st bug exists due to the fact that specific HTTP endpoints lack verification, making it possible for remote, unauthenticated assaulters to scan to a specific URL and viewpoint or delete arrangements, or modify the firmware.The second issue, tracked as CVE-2024-20421, enables remote, unauthenticated assailants to conduct CSRF attacks and also do random activities on prone gadgets. An opponent can capitalize on the security defect by encouraging a customer to click on a crafted hyperlink.Cisco also patched a medium-severity susceptability (CVE-2024-20459) that can enable distant, verified assailants to execute random demands along with root benefits.The remaining 5 protection issues, all tool severeness, may be manipulated to perform cross-site scripting (XSS) assaults, implement random demands as origin, viewpoint security passwords, modify device arrangements or reboot the unit, and work commands with administrator advantages.According to Cisco, ATA 191 (on-premises or multiplatform) as well as ATA 192 (multiplatform) tools are influenced. While there are no workarounds accessible, turning off the web-based administration user interface in the Cisco ATA 191 on-premises firmware relieves 6 of the flaws.Patches for these bugs were consisted of in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and firmware version 11.2.5 for the ATA 191 as well as 192 multiplatform analog telephone adapters.On Wednesday, Cisco also revealed patches for two medium-severity safety and security flaws in the UCS Central Software application organization management solution and the Unified Contact Facility Management Gateway (Unified CCMP) that can bring about delicate information acknowledgment and also XSS strikes, respectively.Advertisement. Scroll to carry on analysis.Cisco creates no acknowledgment of any one of these susceptabilities being actually manipulated in bush. Added details could be found on the provider's security advisories page.Associated: Splunk Organization Update Patches Remote Code Implementation Vulnerabilities.Associated: ICS Spot Tuesday: Advisories Posted through Siemens, Schneider, Phoenix Az Connect With, CERT@VDE.Related: Cisco to Buy Network Cleverness Company ThousandEyes.Connected: Cisco Patches Vital Susceptabilities in Best Infrastructure (PRIVATE DETECTIVE) Program.