Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday introduced spots for eight susceptibilities in the firmware of ATA 190 collection analog telephone adapters, featuring pair of high-severity flaws bring about arrangement changes as well as cross-site request forgery (CSRF) assaults.Impacting the web-based management interface of the firmware as well as tracked as CVE-2024-20458, the initial bug exists due to the fact that certain HTTP endpoints do not have authentication, making it possible for remote, unauthenticated assaulters to surf to a specific URL and also sight or delete configurations, or even modify the firmware.The 2nd concern, tracked as CVE-2024-20421, enables remote control, unauthenticated attackers to administer CSRF strikes and perform approximate activities on vulnerable units. An attacker may make use of the security issue through encouraging a customer to click a crafted hyperlink.Cisco additionally patched a medium-severity susceptability (CVE-2024-20459) that could allow remote, validated attackers to implement random demands along with root opportunities.The staying five safety defects, all tool intensity, might be made use of to conduct cross-site scripting (XSS) attacks, implement approximate orders as root, scenery passwords, tweak gadget configurations or even reboot the device, and operate orders with supervisor benefits.According to Cisco, ATA 191 (on-premises or even multiplatform) and ATA 192 (multiplatform) tools are actually affected. While there are no workarounds offered, turning off the web-based management user interface in the Cisco ATA 191 on-premises firmware relieves six of the defects.Patches for these bugs were actually included in firmware model 12.0.2 for the ATA 191 analog telephone adapters, and firmware version 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco also introduced spots for two medium-severity safety and security defects in the UCS Central Software enterprise administration remedy as well as the Unified Get In Touch With Facility Control Website (Unified CCMP) that can lead to vulnerable information declaration as well as XSS strikes, respectively.Advertisement. Scroll to carry on reading.Cisco makes no mention of any one of these weakness being exploited in the wild. Added info may be located on the provider's safety and security advisories page.Related: Splunk Company Update Patches Remote Code Execution Vulnerabilities.Related: ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Call, CERT@VDE.Connected: Cisco to Acquire System Cleverness Firm ThousandEyes.Connected: Cisco Patches Critical Weakness in Best Structure (PRIVATE EYE) Software Application.