Cisco on Wednesday announced patches for eight vulnerabilities in the firmware of ATA 190 series analog telephone adapters, including two high-severity flaws leading to configuration changes and cross-site request forgery (CSRF) attacks.
Impacting the web-based management interface of the firmware and tracked as CVE-2024-20458, the first bug exists because specific HTTP endpoints lack authentication, allowing remote, unauthenticated attackers to browse to a specific URL and view or delete configurations, or modify the firmware.
The second issue, tracked as CVE-2024-20421, allows remote, unauthenticated attackers to conduct CSRF attacks and perform arbitrary actions on vulnerable devices. An attacker can exploit the security defect by convincing a user to click on a crafted link.
Cisco also patched a medium-severity vulnerability (CVE-2024-20459) that could allow remote, authenticated attackers to execute arbitrary commands with root privileges.
The remaining five security defects, all medium severity, could be exploited to conduct cross-site scripting (XSS) attacks, execute arbitrary commands as root, view passwords, modify device configurations or reboot the device, and run commands with administrator privileges.
According to Cisco, ATA 191 (on-premises or multiplatform) and ATA 192 (multiplatform) devices are affected. While there are no workarounds available, disabling the web-based management interface in the Cisco ATA 191 on-premises firmware mitigates six of the flaws.
Patches for these bugs were included in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and firmware version 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.
On Wednesday, Cisco also announced patches for two medium-severity security defects in the UCS Central Software enterprise management solution and the Unified Contact Center Management Portal (Unified CCMP) that could lead to sensitive information disclosure and XSS attacks, respectively.
Cisco makes no mention of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page.
Related: Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities
Related: ICS Patch Tuesday: Advisories Published by Siemens, Schneider, Phoenix Contact, CERT@VDE
Related: Cisco to Buy Network Intelligence Firm ThousandEyes
Related: Cisco Patches Critical Vulnerabilities in Prime Infrastructure (PI) Software