CVE-2019-15248

Published Oct 16, 2019

Last updated 5 years ago

Overview

Description
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
Source
ykramarz@cisco.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8
Impact score
5.9
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 3.0

Type
Secondary
Base score
8
Impact score
5.9
Exploitability score
2.1
Vector string
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
5.2
Impact score
6.4
Exploitability score
5.1
Vector string
AV:A/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-119
ykramarz@cisco.com
CWE-119

Social media

Hype score
Not currently trending

Configurations