Cisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code

Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks.

These vulnerabilities could allow remote attackers to execute unauthorized actions, including remote code execution, configuration changes, etc. Here’s a detailed breakdown of the vulnerabilities and their potential impact.

Summary of Vulnerabilities

Cisco’s advisory highlights several vulnerabilities in the ATA 190 Series Analog Telephone Adapter firmware, both on-premises and multiplatform. These vulnerabilities include:

• Remote Code Execution: Attackers can execute commands as the root user.
• Cross-site scripting (XSS): Allows attackers to inject malicious scripts.
• Cross-Site Request Forgery (CSRF): Enables attackers to perform actions on behalf of users.
• Configuration Changes: Unauthorized users can alter device configurations.
• Information Disclosure: Attackers can view sensitive information like passwords.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here

Several CVE entries, including CVE-2024-20420, CVE-2024-20421, and CVE-2024-20458, identify the vulnerabilities.

The Common Vulnerability Scoring System (CVSS) scores for these issues range from 5.4 to 8.2, indicating medium to high severity.

Affected Products

The vulnerabilities impact the following Cisco products if they are running vulnerable firmware versions:

• ATA 191: Both on-premises and multiplatform versions.
• ATA 192: Multiplatform version only.

Cisco has confirmed that no other products are affected by these vulnerabilities.

Details of Specific Vulnerabilities

CVE-2024-20458: Authentication Vulnerability

This vulnerability allows unauthenticated remote attackers to view or delete configurations or change the firmware via specific HTTP endpoints. Due to a lack of authentication, it has a CVSS score of 8.2, making it highly critical.

CVE-2024-20420: Cisco ATA 190 Series Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware allows authenticated remote attackers with low privileges to execute commands as an Admin user.

This issue arises from incorrect authorization verification by the HTTP server. Exploitation involves sending a malicious request to the management interface, potentially enabling attackers to gain admin-level command execution.

CVE-2024-20421: CSRF Vulnerability

An insufficient CSRF protection mechanism allows attackers to perform arbitrary actions on affected devices by tricking users into following crafted links. This vulnerability has a CVSS score of 7.1.

Currently, there are no workarounds for these vulnerabilities. However, Cisco has mitigated some issues in the ATA 191 on-premises firmware by disabling the web-based management interface, which is disabled by default.

Fixed Software

Cisco has released firmware updates addressing these vulnerabilities. Users are urged to upgrade to secure their devices:

• ATA 191: Upgrade from version 12.0.1 or earlier to 12.0.2.
• ATA 191 and 192 Multiplatform: Upgrade from version 11.2.4 or earlier to 11.2.5.

Cisco provides free software updates for customers without service contracts through their Technical Assistance Center (TAC).

The discovery of these vulnerabilities underscores the importance of regular software updates and vigilance in cybersecurity practices.

Organizations using Cisco ATA 190 Series devices should prioritize upgrading their firmware to mitigate potential risks associated with these vulnerabilities.

How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide (PDF)