Multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmware, both on-premises and multiplatform, could allow a remote attacker to delete or change the configuration, execute commands as the root user, conduct a cross-site scripting (XSS) attack against a user of the interface, view passwords, conduct a cross-site request forgery (CSRF) attack, or reboot the device.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released firmware updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. However, there is a mitigation that addresses some of these vulnerabilities for Cisco ATA 191 on-premises firmware only.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
Security Impact Rating: High
CVE: CVE-2024-20420,CVE-2024-20421,CVE-2024-20458,CVE-2024-20459,CVE-2024-20460,CVE-2024-20461,CVE-2024-20462,CVE-2024-20463
Source:: Cisco Security Advisories