Vulnerabilities > Cisco > ATA 192 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-20420 | Unspecified vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. | 8.8 |
| 2024-10-16 | CVE-2024-20458 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. | 8.2 |
| 2024-10-16 | CVE-2024-20459 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. | 7.2 |
| 2024-10-16 | CVE-2024-20463 | Unspecified vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. | 7.1 |
| 2022-12-12 | CVE-2022-20689 | Improper Validation of Specified Quantity in Input vulnerability in Cisco products Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. | 8.8 |
| 2022-12-12 | CVE-2022-20690 | Improper Validation of Specified Quantity in Input vulnerability in Cisco products Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. | 8.8 |
| 2021-10-06 | CVE-2021-34710 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 8.8 |
| 2021-10-06 | CVE-2021-34735 | Unspecified vulnerability in Cisco products Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 7.5 |