CVE-2019-12708
Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device.
Una vulnerabilidad en la interfaz de administración basada en web de los dispositivos Cisco SPA100 Series Analog Telephone Adapters (ATAs), podría permitir a un atacante remoto autenticado acceder a información confidencial en un dispositivo afectado. La vulnerabilidad es debido a un manejo no seguro de las credenciales de usuario. Un atacante podría explotar esta vulnerabilidad al visualizar partes de la interfaz de administración basada en web de un dispositivo afectado. Una explotación con éxito podría permitir al atacante acceder a credenciales administrativas y alcanzar potencialmente privilegios elevados mediante la reutilización de credenciales robadas en el dispositivo afectado.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2019-06-04 CVE Reserved
- 2019-10-16 CVE Published
- 2023-11-25 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.tenable.com/security/research/tra-2019-44 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Spa112 Firmware Search vendor "Cisco" for product "Spa112 Firmware" | < 1.4.1 Search vendor "Cisco" for product "Spa112 Firmware" and version " < 1.4.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa112 Search vendor "Cisco" for product "Spa112" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa112 Firmware Search vendor "Cisco" for product "Spa112 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa112 Firmware" and version "1.4.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa112 Search vendor "Cisco" for product "Spa112" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa112 Firmware Search vendor "Cisco" for product "Spa112 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa112 Firmware" and version "1.4.1" | sr1 |
Affected
| in | Cisco Search vendor "Cisco" | Spa112 Search vendor "Cisco" for product "Spa112" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa112 Firmware Search vendor "Cisco" for product "Spa112 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa112 Firmware" and version "1.4.1" | sr2 |
Affected
| in | Cisco Search vendor "Cisco" | Spa112 Search vendor "Cisco" for product "Spa112" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa112 Firmware Search vendor "Cisco" for product "Spa112 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa112 Firmware" and version "1.4.1" | sr3 |
Affected
| in | Cisco Search vendor "Cisco" | Spa112 Search vendor "Cisco" for product "Spa112" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa122 Firmware Search vendor "Cisco" for product "Spa122 Firmware" | < 1.4.1 Search vendor "Cisco" for product "Spa122 Firmware" and version " < 1.4.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa122 Search vendor "Cisco" for product "Spa122" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa122 Firmware Search vendor "Cisco" for product "Spa122 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa122 Firmware" and version "1.4.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa122 Search vendor "Cisco" for product "Spa122" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa122 Firmware Search vendor "Cisco" for product "Spa122 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa122 Firmware" and version "1.4.1" | sr1 |
Affected
| in | Cisco Search vendor "Cisco" | Spa122 Search vendor "Cisco" for product "Spa122" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa122 Firmware Search vendor "Cisco" for product "Spa122 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa122 Firmware" and version "1.4.1" | sr2 |
Affected
| in | Cisco Search vendor "Cisco" | Spa122 Search vendor "Cisco" for product "Spa122" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa122 Firmware Search vendor "Cisco" for product "Spa122 Firmware" | 1.4.1 Search vendor "Cisco" for product "Spa122 Firmware" and version "1.4.1" | sr3 |
Affected
| in | Cisco Search vendor "Cisco" | Spa122 Search vendor "Cisco" for product "Spa122" | - | - |
Safe
|