Cisco SPA100 Series Analog Telephone Adapters 信息泄露漏洞

admin 2024-01-13 21:09:15 YS 来源:ZONE.CI 全球网 0 阅读模式
> Cisco SPA100 Series Analog Telephone Adapters 信息泄露漏洞

Cisco SPA100 Series Analog Telephone Adapters 信息泄露漏洞

CNNVD-ID编号 CNNVD-201910-1095 CVE编号 CVE-2019-12704
发布时间 2019-10-16 更新时间 2020-10-09
漏洞类型 路径遍历 漏洞来源 Andrew Orr and Alex Weber of Tenable Inc. .
危险等级 中危 威胁类型 远程
厂商 N/A

漏洞介绍

Cisco SPA100 Series Analog Telephone Adapters(ATAs)是美国思科(Cisco)公司的一款SPA100系列模拟电话适配器。

使用1.4.1 SR3及之前版本固件的Cisco SPA100 Series ATAs中基于Web的管理界面存在信息泄露漏洞,该漏洞源于程序没有进行正确的输入验证。远程攻击者可通过发送特制的请求利用该漏洞检索设备上的任意文件内容。

漏洞补丁

目前厂商已发布升级了Cisco SPA100 Series Analog Telephone Adapters 信息泄露漏洞的补丁,Cisco SPA100 Series Analog Telephone Adapters 信息泄露漏洞的补丁获取链接:

参考网址

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-webui-dos

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-running-config

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-reflected-xss

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-credentials

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.3878/

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Cisco-SPA100-Series-ATA-file-reading-via-Web-Based-Management-Interface-30655

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-12704

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201910-1095

weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论:0   参与:  3