CVE-2019-15242
Description
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
Risk Information
Base Score
8.0
MODERATE
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.255
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities For Cisco Small Business Voice Gateways and ATAs | NCM |
| Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities For Cisco IP Phone 7800 Series | NCM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-15242) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1702213 | Security Update for Cisco Small Business Voice Gateways and ATAs 7.6.2SR5 |
| PATCH-1705975 | Security Update for Cisco IP Phone 7800 Series 11.7(1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234