8

CVE-2019-15252

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.

Data is provided by the National Vulnerability Database (NVD)
CiscoSpa112 Firmware Version < 1.4.1
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Update-
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Updatesr1
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Updatesr2
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Updatesr3
   CiscoSpa112 Version-
CiscoSpa112 Firmware Version1.4.1 Updatesr4
   CiscoSpa112 Version-
CiscoSpa122 Firmware Version < 1.4.1
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Update-
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Updatesr1
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Updatesr2
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Updatesr3
   CiscoSpa122 Version-
CiscoSpa122 Firmware Version1.4.1 Updatesr4
   CiscoSpa122 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.27% 0.473
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.2 5.1 6.4
AV:A/AC:L/Au:S/C:P/I:P/A:P
psirt@cisco.com 8 2.1 5.9
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.