A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.
History

Thu, 31 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-922

Tue, 22 Oct 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ata 191
Cisco ata 191 Firmware
Cisco ata 192
Cisco ata 192 Firmware
Weaknesses CWE-522
CPEs cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:*
cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:*
cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco ata 191
Cisco ata 191 Firmware
Cisco ata 192
Cisco ata 192 Firmware

Wed, 16 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.
Title Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability
Weaknesses CWE-257
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-10-16T16:16:44.345Z

Updated: 2024-10-31T13:17:38.967Z

Reserved: 2023-11-08T15:08:07.680Z

Link: CVE-2024-20462

cve-icon Vulnrichment

Updated: 2024-10-16T18:09:19.363Z

cve-icon NVD

Status : Modified

Published: 2024-10-16T17:15:15.357

Modified: 2024-10-31T14:35:08.380

Link: CVE-2024-20462

cve-icon Redhat

No data.