What is the vulnerability ID of this Cisco SPA100 Series Analog Telephone Adapter vulnerability?

The vulnerability ID of this Cisco SPA100 Series Analog Telephone Adapter vulnerability is CVE-2019-12704.

What is the severity level of CVE-2019-12704?

The severity level of CVE-2019-12704 is medium with a severity value of 6.5.

How can an authenticated, remote attacker exploit this vulnerability?

An authenticated, remote attacker can exploit this vulnerability by viewing the contents of arbitrary files on an affected device.

Which software versions are affected by this vulnerability?

The Cisco SPA112 Firmware versions up to and including 1.4.1 are affected by this vulnerability.

How can I fix the Cisco SPA100 Series Analog Telephone Adapter vulnerability (CVE-2019-12704)?

To fix the vulnerability, you should upgrade to a version of the Cisco SPA112 Firmware that is higher than 1.4.1.

Vulnerability/
CVE-2019-12704

medium

6.5

CWE

22 200 20

16/10/2019

21/11/2024

CVE-2019-12704: Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

First published: Wed Oct 16 2019(Updated: )

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Spa112 Firmware	<1.4.1
Cisco Spa112 Firmware	=1.4.1
Cisco Spa112 Firmware	=1.4.1-sr1
Cisco Spa112 Firmware	=1.4.1-sr2
Cisco Spa112 Firmware	=1.4.1-sr3
Cisco SPA112
Cisco Spa122 Firmware	<1.4.1
Cisco Spa122 Firmware	=1.4.1
Cisco Spa122 Firmware	=1.4.1-sr1
Cisco Spa122 Firmware	=1.4.1-sr2
Cisco Spa122 Firmware	=1.4.1-sr3
Cisco SPA122

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-ui-disclosure

Frequently Asked Questions

What is the vulnerability ID of this Cisco SPA100 Series Analog Telephone Adapter vulnerability?
The vulnerability ID of this Cisco SPA100 Series Analog Telephone Adapter vulnerability is CVE-2019-12704.
What is the severity level of CVE-2019-12704?
The severity level of CVE-2019-12704 is medium with a severity value of 6.5.
How can an authenticated, remote attacker exploit this vulnerability?
An authenticated, remote attacker can exploit this vulnerability by viewing the contents of arbitrary files on an affected device.
Which software versions are affected by this vulnerability?
The Cisco SPA112 Firmware versions up to and including 1.4.1 are affected by this vulnerability.
How can I fix the Cisco SPA100 Series Analog Telephone Adapter vulnerability (CVE-2019-12704)?
To fix the vulnerability, you should upgrade to a version of the Cisco SPA112 Firmware that is higher than 1.4.1.

collector/nvd-index
agent/type
agent/softwarecombine
agent/references
agent/severity
agent/author
agent/title
agent/weakness
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
vendor/cisco
canonical/cisco spa112 firmware
version/cisco spa112 firmware/1.4.1
version/cisco spa112 firmware/1.4.1-sr1
version/cisco spa112 firmware/1.4.1-sr2
version/cisco spa112 firmware/1.4.1-sr3
canonical/cisco spa112
canonical/cisco spa122 firmware
version/cisco spa122 firmware/1.4.1
version/cisco spa122 firmware/1.4.1-sr1
version/cisco spa122 firmware/1.4.1-sr2
version/cisco spa122 firmware/1.4.1-sr3
canonical/cisco spa122