cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20766,https://securityvulnerability.io/vulnerability/CVE-2022-20766,Cisco ATA 190 Series Adaptive Telephone Adapter Vulnerability to Cause Denial of Service,"A vulnerability exists within the Cisco Discovery Protocol functionality of the Cisco ATA 190 Series Adaptive Telephone Adapter firmware. This issue permits unauthenticated, remote attackers to trigger a denial of service condition on the affected devices. The flaw originates from an out-of-bounds read when processing specially crafted Cisco Discovery Protocol packets. An attacker can exploit this weakness by sending these malicious packets, potentially leading to a service restart. Cisco has issued firmware updates to mitigate this vulnerability, and no workarounds are available to address the issue.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T15:35:42.433Z,0
CVE-2024-20420,https://securityvulnerability.io/vulnerability/CVE-2024-20420,Cisco ATA 190 Series Analog Telephone Adapter Vulnerability,"A vulnerability exists in the web-based management interface of the Cisco ATA 190 Series Analog Telephone Adapter firmware that can be exploited by an authenticated, remote attacker with low privileges. This issue arises from improper authorization verification within the HTTP server. By crafting a malicious HTTP request, an attacker could inadvertently receive the ability to execute commands with Admin privileges. This flaw poses a significant risk, as successful exploitation could compromise the integrity and security of the affected device, allowing for unauthorized administrative actions.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,8.8,HIGH,0.0005000000237487257,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20463,https://securityvulnerability.io/vulnerability/CVE-2024-20463,Cisco ATA 190 Series Analog Telephone Adapter Vulnerability: Remote Configuration Modification and Reboot Possible,"A weakness in the web-based management interface of Cisco's ATA 190 Series Analog Telephone Adapter firmware permits an unauthenticated, remote adversary to alter the device configuration or initiate a reboot. This issue is linked to the HTTP server's faulty handling of state changes in GET requests, allowing attackers to exploit this vulnerability by dispatching malicious requests to the management interface. The execution of a successful exploit may result in limited configuration adjustments or device reboots, potentially leading to a denial of service (DoS) scenario.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,7.1,HIGH,0.0004600000102072954,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20460,https://securityvulnerability.io/vulnerability/CVE-2024-20460,Cisco ATA 190 Series Analog Telephone Adapter Vulnerable to Reflected Cross-Site Scripting Attacks,"A vulnerability exists within the web-based management interface of the Cisco ATA 190 Series Analog Telephone Adapter firmware, enabling unauthenticated, remote attackers to carry out reflected cross-site scripting (XSS) attacks. The root cause stems from insufficient validation of user input, which can be exploited if the attacker convinces a victim to click a specially crafted link. When successful, the exploit may allow arbitrary script code execution within the affected interface's context or lead to exposure of sensitive browser-based information on the compromised device. This vulnerability highlights the importance of securing management interfaces and sanitizing user inputs to prevent malicious exploits.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-10-31T15:15:05.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20461,https://securityvulnerability.io/vulnerability/CVE-2024-20461,Cisco ATA 190 Series Analog Telephone Adapter Vulnerability,"A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user.",Cisco,Ata 191 Firmware,6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20462,https://securityvulnerability.io/vulnerability/CVE-2024-20462,Cisco ATA 190 Series Multiplatform Analog Telephone Adapter Vulnerability: Passwords at Risk,"A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.5,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20458,https://securityvulnerability.io/vulnerability/CVE-2024-20458,Unauthenticated Remote Attacker Could View or Delete Configuration or Change Firmware on Affected Devices,"A significant vulnerability exists in the web-based management interface of Cisco's ATA 190 Series Analog Telephone Adapter. The flaw enables an unauthenticated remote attacker to interact with specific HTTP endpoints that lack adequate authentication controls. By exploiting this vulnerability, a malicious actor could navigate to particular URLs, leading to potential viewing or deletion of device configurations. Additionally, the exploit could allow the attacker to alter the device's firmware, posing a serious risk to users and network security. Organizations utilizing affected devices are urged to assess their security posture and implement necessary measures to mitigate risks associated with this vulnerability.",Cisco,Ata 191 Firmware,8.2,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20459,https://securityvulnerability.io/vulnerability/CVE-2024-20459,Cisco ATA 190 Multiplatform Series Analog Telephone Adapter Vulnerability,"A vulnerability exists in the web-based management interface of the Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware. This issue stems from inadequate input sanitization, which could permit an authenticated remote attacker with elevated privileges to execute arbitrary commands as the root user on the underlying operating system. By crafting a malicious request directed at the affected management interface, attackers may exploit this vulnerability to gain unauthorized access and control, posing significant risks to system integrity and security.",Cisco,Ata 191 Firmware,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20421,https://securityvulnerability.io/vulnerability/CVE-2024-20421,Cisco ATA 190 Series Analog Telephone Adapter Vulnerable to CSRF Attacks,"A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,6.5,MEDIUM,0.0004799999878741801,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2022-20688,https://securityvulnerability.io/vulnerability/CVE-2022-20688,Remote Code Execution Vulnerability in Cisco ATA 190 Series by Cisco,"A flaw in the Cisco Discovery Protocol functionality of the Cisco ATA 190 Series Analog Telephone Adapter firmware allows unauthenticated remote attackers to send specially crafted packets that lack proper length validation. This can lead to arbitrary code execution on the affected device, causing unexpected service restarts and potential denial-of-service conditions. Successful exploitation may compromise the integrity and availability of the device, highlighting the importance of timely updates to mitigate this risk.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20689,https://securityvulnerability.io/vulnerability/CVE-2022-20689,Memory Corruption Vulnerability in Cisco ATA 190 Series Analog Telephone Adapter,"The vulnerability in the Cisco Discovery Protocol within Cisco ATA 190 Series Analog Telephone Adapter firmware allows unauthenticated, adjacent attackers to exploit memory management flaws. This flaw is caused by insufficient length validation when processing Cisco Discovery Protocol messages. By sending specially crafted packets, attackers could induce out-of-bounds reads, compromising the integrity of the internal Cisco Discovery Protocol database on the device. This could lead to various adverse effects on the operation of the affected device.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0006200000061653554,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20690,https://securityvulnerability.io/vulnerability/CVE-2022-20690,Memory Corruption in Cisco ATA 190 Series Analog Telephone Adapter,"Multiple vulnerabilities have been identified in the Cisco Discovery Protocol aspect of the Cisco ATA 190 Series Analog Telephone Adapter firmware. These flaws arise from insufficient length validation when processing Cisco Discovery Protocol messages. An unauthenticated attacker adjacent to the affected device can exploit these vulnerabilities by sending specially crafted malicious packets. This exploitation can lead to an out-of-bounds read, which in turn may corrupt the internal Cisco Discovery Protocol database, potentially compromising the integrity of the device’s functionality.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0006200000061653554,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20687,https://securityvulnerability.io/vulnerability/CVE-2022-20687,Remote Code Execution Vulnerability in Cisco ATA 190 Series Analog Telephone Adapter,"Multiple vulnerabilities found in the Link Layer Discovery Protocol functionality of Cisco's ATA 190 Series Analog Telephone Adapter firmware could enable an unauthenticated attacker to send specially crafted LLDP packets to the affected devices. These vulnerabilities revolve around the insufficient validation of packet header lengths, allowing attackers to execute arbitrary code on the device. The result may include unexpected restarts of the LLDP service and potential denial of service conditions, compromising the integrity and availability of communication systems.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:36.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20691,https://securityvulnerability.io/vulnerability/CVE-2022-20691,Denial of Service in Cisco ATA 190 Series Adaptive Telephone Adapter,"A flaw in the Cisco Discovery Protocol functionality of the Cisco ATA 190 Series Adaptive Telephone Adapter firmware enables an unauthenticated adjacent attacker to trigger a Denial of Service (DoS) condition on the device. This occurs due to inadequate validation of the length of certain fields within the Cisco Discovery Protocol packet headers. An attacker can exploit this vulnerability by sending specially crafted Cisco Discovery Protocol packets to the vulnerable device. If successful, this attack can lead to excessive memory usage, resulting in the device becoming unresponsive and potentially requiring a restart. Cisco has made firmware updates available to mitigate this vulnerability.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0005000000237487257,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20686,https://securityvulnerability.io/vulnerability/CVE-2022-20686,Multiple Vulnerabilities in Link Layer Discovery Protocol of Cisco ATA 190 Series,"Multiple security vulnerabilities in the Link Layer Discovery Protocol (LLDP) of the Cisco ATA 190 Series Analog Telephone Adapter firmware may allow an unauthenticated, remote attacker to conduct arbitrary code execution. These weaknesses stem from inadequate validation of certain LLDP packet header fields. An attacker could send a specially crafted LLDP packet to an affected device, which would exploit these vulnerabilities, leading to unexpected LLDP service reboots and potentially resulting in a denial of service.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:36.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2021-34710,https://securityvulnerability.io/vulnerability/CVE-2021-34710,Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities,"Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,8.8,HIGH,0.0013299999991431832,false,,false,false,true,2024-08-04T02:15:20.000Z,,false,false,,2021-10-06T00:00:00.000Z,0
CVE-2021-34735,https://securityvulnerability.io/vulnerability/CVE-2021-34735,Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities,"Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,8.8,HIGH,0.0017300000181421638,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-10-06T00:00:00.000Z,0
CVE-2019-12703,https://securityvulnerability.io/vulnerability/CVE-2019-12703,Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by sending malicious input to the affected software through crafted DHCP requests, and then persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Spa122 Ata With Router,5.2,MEDIUM,0.0005499999970197678,false,,false,false,true,2024-09-16T17:15:36.000Z,,false,false,,2019-10-16T00:00:00.000Z,0
CVE-2013-1111,https://securityvulnerability.io/vulnerability/CVE-2013-1111,,"The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038.",Cisco,"Ata 187 Analog Telephone Adaptor Firmware,Ata 187 Analog Telephone Adaptor",,,0.0040799998678267,false,,false,false,false,,,false,false,,2013-02-13T23:55:00.000Z,0
CVE-2005-4794,https://securityvulnerability.io/vulnerability/CVE-2005-4794,,"Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.",Cisco,"Application And Content Networking Software,Ip Phone 7912,Ata,Subscriber Edge Services Manager,Ip Phone 7902,Ip Phone 7905,Unity Express",,,0.07119999825954437,false,,false,false,false,,,false,false,,2005-12-31T05:00:00.000Z,0
CVE-2002-0769,https://securityvulnerability.io/vulnerability/CVE-2002-0769,,"The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.",Cisco,Ata-186,,,0.005979999899864197,false,,false,false,false,,,false,false,,2002-08-12T04:00:00.000Z,0