1. Home
  2. CVE Database
  3. CVE-2024-20420
MEDIUM · 5.4

CVE-2024-20420

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an ...

Vulnerability Description

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
CiscoAta 191 Firmware< 12.0.2
CiscoAta 191-
CiscoAta 192 Firmware< 11.2.5
CiscoAta 192-

Related Weaknesses (CWE)

CWE-250CWE-863

References

FAQ

What is CVE-2024-20420?

CVE-2024-20420 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an ...

How severe is CVE-2024-20420?

CVE-2024-20420 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20420?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ata 191 Firmware, Cisco Ata 191, Cisco Ata 192 Firmware, Cisco Ata 192.