6.5

CVE-2019-12708

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSpa112 Firmware Version < 1.4.1
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Update-
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Updatesr1
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Updatesr2
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Updatesr3
   CiscoSpa112 Version-
CiscoSpa122 Firmware Version < 1.4.1
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Update-
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Updatesr1
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Updatesr2
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Updatesr3
   CiscoSpa122 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.644
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
psirt@cisco.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.