Security Advisory: Vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter Enable Remote Code Execution Through Firmware Flaws

Recent vulnerabilities have been identified in the Cisco ATA 190 Series Analog Telephone Adapter, which could allow attackers to execute remote code. In response, Cisco has issued a security advisory detailing these risks and recommending updates to mitigate potential threats. Users are urged to review their firmware versions and implement necessary security measures to protect their systems from exploitation.

Critical Security Advisory: Cisco ATA 190 Series Firmware Vulnerabilities

Cisco has issued a critical security advisory regarding multiple vulnerabilities in its ATA 190 Series Analog Telephone Adapters, which are widely used for voice communication in various organizational settings. These vulnerabilities could allow remote attackers to manipulate device configurations, execute commands, and potentially compromise sensitive information.

Affected Products

The vulnerabilities specifically affect the following models if they are operating on vulnerable firmware versions:

  • ATA 191 (On-Premises and Multiplatform configurations)
  • ATA 192 (Multiplatform)

It is crucial for users of these devices to evaluate their firmware versions to determine if they are affected.

Overview of Vulnerabilities

The advisory details eight vulnerabilities, each varying in impact and severity:

  1. CVE-2024-20458: This vulnerability exists in the web management interface, allowing unauthenticated remote attackers to view, delete, or alter configurations due to a lack of proper authentication. Exploiting this flaw could significantly compromise device integrity.

  2. CVE-2024-20421: Insufficient CSRF protections can allow attackers to trick users into executing actions they did not intend to, potentially leading to unauthorized modifications on the device.

  3. CVE-2024-20459: High-privileged authenticated users can exploit this command injection vulnerability, allowing them to execute arbitrary commands as the operating system's root user.

  4. CVE-2024-20460: The reflected XSS vulnerability allows attackers to inject malicious scripts into the user’s session, potentially accessing sensitive information.

  5. CVE-2024-20461: Local attackers with high privileges can execute commands as the root user through improperly sanitized CLI inputs.

  6. CVE-2024-20462: Authenticated local users can exploit improper HTML content sanitization to view other users' passwords.

  7. CVE-2024-20463: This vulnerability permits unauthenticated attackers to modify device configurations or reboot the device through malicious requests, leading to denial-of-service conditions.

  8. CVE-2024-20420: This privilege escalation vulnerability allows low-privileged authenticated users to execute commands with administrative privileges due to flawed authorization checks.

Mitigation Strategies

Cisco has released firmware updates to address these vulnerabilities; no viable workarounds are available. However, for ATA 191 on-premises firmware, the web-based management interface can be disabled as a mitigation measure. The web-based management interface is disabled by default, which significantly reduces the risk of exposure.

Recommendations

Organizations using the affected models should:

  • Update Firmware: Promptly apply the latest firmware updates provided by Cisco to mitigate the identified vulnerabilities.
  • Evaluate Security Settings: Review security settings and ensure that the web management interface is disabled if not in use.
  • Monitor for Malicious Activity: Regularly audit device logs for any unauthorized access attempts or unusual behavior.

Conclusion

Cisco remains committed to addressing security vulnerabilities in its products and urges affected users to take swift action. For comprehensive details and to obtain the necessary firmware updates, users should refer to the Cisco Security Advisory. Customers can contact the Cisco Technical Assistance Center (TAC) for further inquiries or assistance.

Cisco Security Advisory