Unrated severity · NVD Advisory · Published Oct 16, 2019 · Updated Nov 21, 2024

Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

CVE-2019-12704

Description

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated remote file disclosure in Cisco SPA100 Series ATAs due to improper input validation.

Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The issue stems from improper input validation in the web-based management interface [1]. Affected firmware releases are 1.4.1 SR3 and earlier [1].

Exploitation

An attacker must have valid credentials for the web-based management interface. The exploit involves sending a crafted request to the interface, which allows retrieval of arbitrary file contents [1]. No user interaction beyond authentication is required.

Impact

Successful exploitation enables an attacker to read arbitrary files from the device, potentially exposing sensitive information such as configuration details or credentials [1]. This constitutes a confidentiality breach.

Mitigation

Cisco has not released a firmware fix at the time of publication. No workarounds are available [1]. Users should monitor Cisco's advisory for updates and consider upgrading when a fixed version becomes available [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0. No patches discovered yet.

References: 1