Friday, November 1, 2024
HomeCiscoCisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code

Cisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code

Published on

Malware protection

Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks.

These vulnerabilities could allow remote attackers to execute unauthorized actions, including remote code execution, configuration changes, etc. Here’s a detailed breakdown of the vulnerabilities and their potential impact.

Summary of Vulnerabilities

Cisco’s advisory highlights several vulnerabilities in the ATA 190 Series Analog Telephone Adapter firmware, both on-premises and multiplatform. These vulnerabilities include:

- Advertisement - SIEM as a Service
  • Remote Code Execution: Attackers can execute commands as the root user.
  • Cross-site scripting (XSS): Allows attackers to inject malicious scripts.
  • Cross-Site Request Forgery (CSRF): Enables attackers to perform actions on behalf of users.
  • Configuration Changes: Unauthorized users can alter device configurations.
  • Information Disclosure: Attackers can view sensitive information like passwords.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here

Several CVE entries, including CVE-2024-20420, CVE-2024-20421, and CVE-2024-20458, identify the vulnerabilities.

The Common Vulnerability Scoring System (CVSS) scores for these issues range from 5.4 to 8.2, indicating medium to high severity.

Affected Products

The vulnerabilities impact the following Cisco products if they are running vulnerable firmware versions:

  • ATA 191: Both on-premises and multiplatform versions.
  • ATA 192: Multiplatform version only.

Cisco has confirmed that no other products are affected by these vulnerabilities.

Details of Specific Vulnerabilities

CVE-2024-20458: Authentication Vulnerability

This vulnerability allows unauthenticated remote attackers to view or delete configurations or change the firmware via specific HTTP endpoints. Due to a lack of authentication, it has a CVSS score of 8.2, making it highly critical.

CVE-2024-20420: Cisco ATA 190 Series Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware allows authenticated remote attackers with low privileges to execute commands as an Admin user.

This issue arises from incorrect authorization verification by the HTTP server. Exploitation involves sending a malicious request to the management interface, potentially enabling attackers to gain admin-level command execution.

CVE-2024-20421: CSRF Vulnerability

An insufficient CSRF protection mechanism allows attackers to perform arbitrary actions on affected devices by tricking users into following crafted links. This vulnerability has a CVSS score of 7.1.

Currently, there are no workarounds for these vulnerabilities. However, Cisco has mitigated some issues in the ATA 191 on-premises firmware by disabling the web-based management interface, which is disabled by default.

Fixed Software

Cisco has released firmware updates addressing these vulnerabilities. Users are urged to upgrade to secure their devices:

  • ATA 191: Upgrade from version 12.0.1 or earlier to 12.0.2.
  • ATA 191 and 192 Multiplatform: Upgrade from version 11.2.4 or earlier to 11.2.5.

Cisco provides free software updates for customers without service contracts through their Technical Assistance Center (TAC).

The discovery of these vulnerabilities underscores the importance of regular software updates and vigilance in cybersecurity practices.

Organizations using Cisco ATA 190 Series devices should prioritize upgrading their firmware to mitigate potential risks associated with these vulnerabilities.

How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide (PDF)



Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...