Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday revealed patches for eight vulnerabilities in the firmware of ATA 190 set analog telephone adapters, featuring two high-severity imperfections causing arrangement changes and cross-site ask for forgery (CSRF) strikes.Impacting the web-based administration interface of the firmware as well as tracked as CVE-2024-20458, the 1st bug exists since details HTTP endpoints do not have authentication, enabling remote, unauthenticated attackers to browse to a particular link as well as scenery or remove arrangements, or tweak the firmware.The 2nd issue, tracked as CVE-2024-20421, makes it possible for remote, unauthenticated opponents to administer CSRF assaults and also execute arbitrary actions on susceptible units. An assaulter can make use of the safety and security issue by encouraging a consumer to click on a crafted web link.Cisco additionally patched a medium-severity susceptibility (CVE-2024-20459) that could possibly enable remote, validated attackers to implement arbitrary commands with origin privileges.The staying five protection flaws, all channel intensity, may be manipulated to carry out cross-site scripting (XSS) attacks, carry out arbitrary commands as root, scenery passwords, change unit setups or even reboot the unit, as well as work demands with manager advantages.Depending on to Cisco, ATA 191 (on-premises or even multiplatform) and also ATA 192 (multiplatform) tools are affected. While there are actually no workarounds readily available, disabling the web-based monitoring user interface in the Cisco ATA 191 on-premises firmware reduces six of the imperfections.Patches for these bugs were actually consisted of in firmware model 12.0.2 for the ATA 191 analog telephone adapters, and also firmware model 11.2.5 for the ATA 191 and also 192 multiplatform analog telephone adapters.On Wednesday, Cisco also revealed patches for pair of medium-severity safety issues in the UCS Central Program organization management option as well as the Unified Contact Center Control Site (Unified CCMP) that could result in sensitive details declaration as well as XSS strikes, respectively.Advertisement. Scroll to proceed analysis.Cisco creates no acknowledgment of any of these susceptibilities being exploited in bush. Added details may be discovered on the company's safety and security advisories web page.Related: Splunk Business Update Patches Remote Code Completion Vulnerabilities.Associated: ICS Patch Tuesday: Advisories Released through Siemens, Schneider, Phoenix Call, CERT@VDE.Related: Cisco to Buy Network Intellect Company ThousandEyes.Connected: Cisco Patches Vital Vulnerabilities in Main Framework (PRIVATE DETECTIVE) Software Program.