A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco ata 191 Cisco ata 191 Firmware Cisco ata 192 Cisco ata 192 Firmware |
|
CPEs | cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:* cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:* cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:* cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco
Cisco ata 191 Cisco ata 191 Firmware Cisco ata 192 Cisco ata 192 Firmware |
Wed, 16 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 16 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | |
Title | Cisco ATA 190 Series Analog Telephone Adapter Firmware Cross-Site Request Forgery Vulnerability | |
Weaknesses | CWE-352 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2024-10-31T13:49:46.644Z
Reserved: 2023-11-08T15:08:07.665Z
Link: CVE-2024-20421

Updated: 2024-10-16T18:24:33.376Z

Status : Modified
Published: 2024-10-16T17:15:14.193
Modified: 2024-10-31T14:35:06.853
Link: CVE-2024-20421

No data.

No data.