CVE-2024-20421

Published Oct 16, 2024

Last updated 17 days ago

CVSS medium 6.5

Overview

Description: A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-352
ykramarz@cisco.com: CWE-352
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-352

Hype score: Not currently trending

CVE-2024-20421 A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to con… https://t.co/7zEe5SdQJd
@CVEnew
322 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E464918E-6409-4ACC-B27A-ECD7A5A5ABF8",
            "versionEndExcluding": "12.0.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2BBB1A29-ABF8-4F79-A436-A416FAF4E7A9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FA479CC-10DC-4B3A-A869-7E0CCD02C959",
            "versionEndExcluding": "11.2.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0C232BB-005C-4E04-9B99-2B01AC8E8BA1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B66D888-565A-4EB1-B19B-594B302AAA72",
            "versionEndExcluding": "11.2.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "00A3390F-594D-4DB2-96EC-04D0D73C9421"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References