CVE-2024-20460

Published Oct 16, 2024

Last updated 17 days ago

CVSS medium 6.1

Overview

Description: A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-Other
ykramarz@cisco.com: CWE-80
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Hype score: Not currently trending

CVE-2024-20460 A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to con… https://t.co/Q6icmmDes0
@CVEnew
268 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E464918E-6409-4ACC-B27A-ECD7A5A5ABF8",
            "versionEndExcluding": "12.0.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2BBB1A29-ABF8-4F79-A436-A416FAF4E7A9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FA479CC-10DC-4B3A-A869-7E0CCD02C959",
            "versionEndExcluding": "11.2.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0C232BB-005C-4E04-9B99-2B01AC8E8BA1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B66D888-565A-4EB1-B19B-594B302AAA72",
            "versionEndExcluding": "11.2.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "00A3390F-594D-4DB2-96EC-04D0D73C9421"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References