CVE-2024-20462
Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.
This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.
Una vulnerabilidad en la interfaz de administración basada en web del firmware del adaptador telefónico analógico multiplataforma Cisco ATA 190 Series podría permitir que un atacante local autenticado con privilegios bajos vea las contraseñas en un dispositivo afectado. Esta vulnerabilidad se debe a una desinfección incorrecta del contenido HTML de un dispositivo afectado. Una explotación exitosa podría permitir que el atacante vea las contraseñas que pertenecen a otros usuarios.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-11-08 CVE Reserved
- 2024-10-16 CVE Published
- 2024-10-16 CVE Updated
- 2024-10-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-257: Storing Passwords in a Recoverable Format
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco Analog Telephone Adaptor (ATA) Software Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" | 11.1.0 Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.1.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Analog Telephone Adaptor (ATA) Software Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" | 11.2.1 Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Analog Telephone Adaptor (ATA) Software Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" | 11.2.2 Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Analog Telephone Adaptor (ATA) Software Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" | 11.2.3 Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Analog Telephone Adaptor (ATA) Software Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" | 11.2.4 Search vendor "Cisco" for product "Cisco Analog Telephone Adaptor (ATA) Software" and version "11.2.4" | en |
Affected
| ||||||