#VU98768 Execution with unnecessary privileges in Cisco Systems, Inc products - CVE-2024-20420
Published: October 17, 2024
Vulnerability identifier: #VU98768
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-20420
CWE-ID: CWE-250
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ATA 191 Multiplatform Analog Telephone Adapter
ATA 192 Multiplatform Analog Telephone Adapter
ATA 190 Series Analog Telephone Adapters
ATA 191 Multiplatform Analog Telephone Adapter
ATA 192 Multiplatform Analog Telephone Adapter
ATA 190 Series Analog Telephone Adapters
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect authorization verification by the HTTP server. A remote user can send a specially crafted request and run commands as the Admin user.
Remediation
Install updates from vendor's website.