Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15252

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.

Published

2019-10-16T19:15:13.440

Last Modified

2024-11-21T04:28:17.967

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.1

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-119
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco spa112_firmware < 1.4.1 Yes
Operating System cisco spa112_firmware 1.4.1 Yes
Operating System cisco spa112_firmware 1.4.1 Yes
Operating System cisco spa112_firmware 1.4.1 Yes
Operating System cisco spa112_firmware 1.4.1 Yes
Operating System cisco spa112_firmware 1.4.1 Yes
Hardware cisco spa112 - No
Operating System cisco spa122_firmware < 1.4.1 Yes
Operating System cisco spa122_firmware 1.4.1 Yes
Operating System cisco spa122_firmware 1.4.1 Yes
Operating System cisco spa122_firmware 1.4.1 Yes
Operating System cisco spa122_firmware 1.4.1 Yes
Operating System cisco spa122_firmware 1.4.1 Yes
Hardware cisco spa122 - No
References