CVE-2019-12708: Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability
First published: Wed Oct 16 2019(Updated: )
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Spa112 Firmware | <1.4.1 | |
| Cisco Spa112 Firmware | =1.4.1 | |
| Cisco Spa112 Firmware | =1.4.1-sr1 | |
| Cisco Spa112 Firmware | =1.4.1-sr2 | |
| Cisco Spa112 Firmware | =1.4.1-sr3 | |
| Cisco SPA112 | ||
| Cisco Spa122 Firmware | <1.4.1 | |
| Cisco Spa122 Firmware | =1.4.1 | |
| Cisco Spa122 Firmware | =1.4.1-sr1 | |
| Cisco Spa122 Firmware | =1.4.1-sr2 | |
| Cisco Spa122 Firmware | =1.4.1-sr3 | |
| Cisco SPA122 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco SPA100 Series Analog Telephone Adapters (ATA) vulnerability?
The vulnerability ID for this Cisco SPA100 Series Analog Telephone Adapters (ATA) vulnerability is CVE-2019-12708.
What is the severity of CVE-2019-12708?
The severity of CVE-2019-12708 is medium with a severity value of 6.5.
How does CVE-2019-12708 affect Cisco SPA112 Firmware?
CVE-2019-12708 affects Cisco SPA112 Firmware versions up to and inclusive of 1.4.1.
How does CVE-2019-12708 affect Cisco Spa122 Firmware?
CVE-2019-12708 affects Cisco Spa122 Firmware versions up to and inclusive of 1.4.1.
How can an attacker exploit CVE-2019-12708?
An authenticated, remote attacker can exploit CVE-2019-12708 to access sensitive information on an affected device by exploiting the unsafe handling of user credentials in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs).
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco spa112 firmware
- version/cisco spa112 firmware/1.4.1
- version/cisco spa112 firmware/1.4.1-sr1
- version/cisco spa112 firmware/1.4.1-sr2
- version/cisco spa112 firmware/1.4.1-sr3
- canonical/cisco spa112
- canonical/cisco spa122 firmware
- version/cisco spa122 firmware/1.4.1
- version/cisco spa122 firmware/1.4.1-sr1
- version/cisco spa122 firmware/1.4.1-sr2
- version/cisco spa122 firmware/1.4.1-sr3
- canonical/cisco spa122