Security

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

.Cisco on Wednesday revealed patches for eight susceptabilities in the firmware of ATA 190 set analog telephone adapters, consisting of two high-severity defects bring about configuration improvements as well as cross-site demand bogus (CSRF) strikes.Impacting the web-based control interface of the firmware and tracked as CVE-2024-20458, the 1st bug exists because particular HTTP endpoints do not have authorization, allowing remote, unauthenticated aggressors to explore to a details link as well as viewpoint or even erase configurations, or change the firmware.The second problem, tracked as CVE-2024-20421, enables distant, unauthenticated enemies to carry out CSRF strikes as well as carry out approximate activities on vulnerable gadgets. An attacker may capitalize on the security defect through persuading a user to click on a crafted hyperlink.Cisco likewise patched a medium-severity susceptability (CVE-2024-20459) that could possibly make it possible for distant, authenticated enemies to carry out random orders with origin benefits.The continuing to be 5 protection problems, all medium intensity, can be made use of to perform cross-site scripting (XSS) assaults, carry out approximate demands as origin, viewpoint passwords, customize gadget arrangements or reboot the gadget, and run commands along with supervisor advantages.According to Cisco, ATA 191 (on-premises or even multiplatform) and also ATA 192 (multiplatform) tools are had an effect on. While there are no workarounds on call, disabling the online control user interface in the Cisco ATA 191 on-premises firmware alleviates six of the imperfections.Patches for these bugs were featured in firmware model 12.0.2 for the ATA 191 analog telephone adapters, and firmware variation 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco likewise declared patches for pair of medium-severity safety defects in the UCS Central Software program company administration solution as well as the Unified Contact Center Control Website (Unified CCMP) that might cause sensitive details disclosure as well as XSS assaults, respectively.Advertisement. Scroll to proceed reading.Cisco makes no acknowledgment of some of these susceptabilities being exploited in the wild. Additional information could be discovered on the firm's safety advisories web page.Associated: Splunk Business Update Patches Remote Code Execution Vulnerabilities.Connected: ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Phoenix Contact, CERT@VDE.Related: Cisco to Buy System Intellect Organization ThousandEyes.Related: Cisco Patches Essential Susceptabilities in Perfect Facilities (PRIVATE DETECTIVE) Software.

Articles You Can Be Interested In