Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday declared spots for 8 vulnerabilities in the firmware of ATA 190 series analog telephone adapters, featuring two high-severity flaws bring about arrangement modifications and cross-site ask for imitation (CSRF) assaults.Influencing the online control interface of the firmware and tracked as CVE-2024-20458, the initial bug exists given that specific HTTP endpoints lack authorization, allowing remote control, unauthenticated opponents to scan to a details URL as well as viewpoint or even erase setups, or customize the firmware.The second concern, tracked as CVE-2024-20421, allows distant, unauthenticated assailants to administer CSRF assaults and perform random activities on vulnerable tools. An opponent may manipulate the safety and security issue by persuading a user to select a crafted hyperlink.Cisco additionally patched a medium-severity weakness (CVE-2024-20459) that might permit remote, certified opponents to implement approximate orders with root opportunities.The continuing to be five surveillance flaws, all medium extent, can be exploited to carry out cross-site scripting (XSS) strikes, execute arbitrary commands as root, perspective codes, change unit configurations or reboot the device, and operate orders along with manager privileges.According to Cisco, ATA 191 (on-premises or even multiplatform) as well as ATA 192 (multiplatform) units are affected. While there are actually no workarounds available, disabling the web-based monitoring user interface in the Cisco ATA 191 on-premises firmware relieves 6 of the problems.Patches for these bugs were consisted of in firmware model 12.0.2 for the ATA 191 analog telephone adapters, and firmware model 11.2.5 for the ATA 191 as well as 192 multiplatform analog telephone adapters.On Wednesday, Cisco also introduced patches for two medium-severity surveillance flaws in the UCS Central Software application venture control solution and also the Unified Get In Touch With Center Control Website (Unified CCMP) that can bring about delicate relevant information disclosure and also XSS attacks, respectively.Advertisement. Scroll to proceed analysis.Cisco makes no acknowledgment of any of these susceptabilities being manipulated in the wild. Additional info could be found on the firm's protection advisories web page.Related: Splunk Business Update Patches Remote Code Execution Vulnerabilities.Related: ICS Patch Tuesday: Advisories Posted through Siemens, Schneider, Phoenix Metro Get In Touch With, CERT@VDE.Connected: Cisco to Acquire System Knowledge Firm ThousandEyes.Related: Cisco Patches Vital Vulnerabilities in Main Commercial Infrastructure (PRIVATE DETECTIVE) Program.