CVE-2024-20421

Cisco ATA 190 Series Analog Telephone Adapter Firmware Cross-Site Request Forgery Vulnerability

Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.

INFO

Published Date :

2024-10-16T16:15:54.255Z

Last Modified :

2024-10-31T13:49:46.644Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2024-20421 vulnerability.

Vendors	Products
Cisco	Ata 191 Ata 191 Firmware Ata 192 Ata 192 Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20421.

URL	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact