CVE-2019-15257: Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability
First published: Wed Oct 16 2019(Updated: )
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An attacker could exploit this vulnerability by sending a request to an affected device through the web-based management interface. A successful exploit could allow the attacker to return running configuration information that could also include sensitive information.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Spa112 Firmware | <1.4.1 | |
| Cisco Spa112 Firmware | =1.4.1 | |
| Cisco Spa112 Firmware | =1.4.1-sr1 | |
| Cisco Spa112 Firmware | =1.4.1-sr2 | |
| Cisco Spa112 Firmware | =1.4.1-sr3 | |
| Cisco SPA112 | ||
| Cisco Spa122 Firmware | <1.4.1 | |
| Cisco Spa122 Firmware | =1.4.1 | |
| Cisco Spa122 Firmware | =1.4.1-sr1 | |
| Cisco Spa122 Firmware | =1.4.1-sr2 | |
| Cisco Spa122 Firmware | =1.4.1-sr3 | |
| Cisco SPA122 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15257?
CVE-2019-15257 is a vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) that allows an authenticated, remote attacker to access sensitive information on an affected device.
What is the severity of CVE-2019-15257?
CVE-2019-15257 has a severity score of 6.5 (medium).
How can an attacker exploit CVE-2019-15257?
An attacker can exploit CVE-2019-15257 by using improper restrictions on configuration information to access sensitive information on an affected device.
Which Cisco products are affected by CVE-2019-15257?
Cisco SPA100 Series Analog Telephone Adapters (ATAs) running certain firmware versions are affected by CVE-2019-15257.
How can I fix CVE-2019-15257?
To fix CVE-2019-15257, it is recommended to upgrade the firmware of the Cisco SPA100 Series Analog Telephone Adapters (ATAs) to a version that addresses the vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/title
- agent/event
- agent/first-publish-date
- agent/tags
- agent/description
- vendor/cisco
- canonical/cisco spa112 firmware
- version/cisco spa112 firmware/1.4.1
- version/cisco spa112 firmware/1.4.1-sr1
- version/cisco spa112 firmware/1.4.1-sr2
- version/cisco spa112 firmware/1.4.1-sr3
- canonical/cisco spa112
- canonical/cisco spa122 firmware
- version/cisco spa122 firmware/1.4.1
- version/cisco spa122 firmware/1.4.1-sr1
- version/cisco spa122 firmware/1.4.1-sr2
- version/cisco spa122 firmware/1.4.1-sr3
- canonical/cisco spa122