Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Oct 31, 2024

Cisco ATA 190 Series Analog Telephone Adapter Firmware Cross-Site Request Forgery Vulnerability

CVE-2024-20421

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.

Affected products

Cisco Systems, Inc./ATA 190 Series Adaptive Telephone Adapterllm-fuzzy
Cisco Systems, Inc./Ata 187 Analog Telephone Adaptorcpe-rescue
Range: 12.0.1 SR2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000