// For flags

CVE-2024-20462

Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.

This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.

Una vulnerabilidad en la interfaz de administración basada en web del firmware del adaptador telefónico analógico multiplataforma Cisco ATA 190 Series podría permitir que un atacante local autenticado con privilegios bajos vea las contraseñas en un dispositivo afectado. Esta vulnerabilidad se debe a una desinfección incorrecta del contenido HTML de un dispositivo afectado. Una explotación exitosa podría permitir que el atacante vea las contraseñas que pertenecen a otros usuarios.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-11-08 CVE Reserved
  • 2024-10-16 CVE Published
  • 2024-10-17 EPSS Updated
  • 2024-10-31 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-257: Storing Passwords in a Recoverable Format
  • CWE-922: Insecure Storage of Sensitive Information
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Cisco Analog Telephone Adaptor (ATA) Software
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software"
 11.1.0
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.1.0"
en
Affected
Cisco
Search vendor "Cisco"
 Cisco Analog Telephone Adaptor (ATA) Software
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software"
 11.2.1
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.1"
en
Affected
Cisco
Search vendor "Cisco"
 Cisco Analog Telephone Adaptor (ATA) Software
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software"
 11.2.2
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.2"
en
Affected
Cisco
Search vendor "Cisco"
 Cisco Analog Telephone Adaptor (ATA) Software
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software"
 11.2.3
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.3"
en
Affected
Cisco
Search vendor "Cisco"
 Cisco Analog Telephone Adaptor (ATA) Software
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software"
 11.2.4
Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.4"
en
Affected