A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device.
Metrics
Affected Vendors & Products
References
History
Thu, 31 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 |
Tue, 22 Oct 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco ata 191 Cisco ata 191 Firmware Cisco ata 192 Cisco ata 192 Firmware |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:* cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:* cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:* cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco
Cisco ata 191 Cisco ata 191 Firmware Cisco ata 192 Cisco ata 192 Firmware |
Wed, 16 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 16 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device. | |
Title | Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability | |
Weaknesses | CWE-80 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-10-16T16:16:23.411Z
Updated: 2024-10-31T14:10:45.987Z
Reserved: 2023-11-08T15:08:07.680Z
Link: CVE-2024-20460
Vulnrichment
Updated: 2024-10-16T18:24:19.803Z
NVD
Status : Modified
Published: 2024-10-16T17:15:14.880
Modified: 2024-10-31T14:35:07.573
Link: CVE-2024-20460
Redhat
No data.