Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday revealed spots for 8 weakness in the firmware of ATA 190 set analog telephone adapters, including two high-severity flaws bring about configuration modifications and also cross-site demand bogus (CSRF) attacks.Impacting the online monitoring user interface of the firmware and also tracked as CVE-2024-20458, the 1st bug exists since particular HTTP endpoints lack verification, permitting remote control, unauthenticated enemies to surf to a particular link and also perspective or even erase setups, or change the firmware.The 2nd issue, tracked as CVE-2024-20421, enables remote control, unauthenticated assailants to carry out CSRF assaults and conduct arbitrary activities on prone devices. An assaulter may manipulate the safety and security flaw by persuading a customer to select a crafted link.Cisco additionally patched a medium-severity vulnerability (CVE-2024-20459) that might allow remote, verified enemies to execute random orders along with origin privileges.The continuing to be 5 surveillance problems, all channel seriousness, might be manipulated to perform cross-site scripting (XSS) strikes, implement random orders as root, sight passwords, customize unit setups or even reboot the device, and function orders along with supervisor benefits.According to Cisco, ATA 191 (on-premises or multiplatform) as well as ATA 192 (multiplatform) gadgets are actually had an effect on. While there are no workarounds offered, turning off the online control interface in the Cisco ATA 191 on-premises firmware reduces six of the flaws.Patches for these bugs were featured in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and firmware version 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco also introduced patches for 2 medium-severity surveillance problems in the UCS Central Program business control answer and the Unified Connect With Facility Control Gateway (Unified CCMP) that could possibly result in vulnerable details disclosure and also XSS assaults, respectively.Advertisement. Scroll to carry on reading.Cisco makes no acknowledgment of any of these susceptibilities being actually manipulated in the wild. Extra info could be located on the business's surveillance advisories web page.Associated: Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities.Connected: ICS Patch Tuesday: Advisories Posted by Siemens, Schneider, Phoenix Az Get In Touch With, CERT@VDE.Related: Cisco to Acquire Network Knowledge Agency ThousandEyes.Related: Cisco Patches Essential Susceptibilities in Excellent Facilities (PRIVATE EYE) Software.