Storing passwords in a recoverable format in Cisco Systems, Inc products - CVE-2024-20462
Published: October 17, 2024
Vulnerability identifier: #VU98783
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20462
CWE-ID: CWE-257
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
ATA 191 Multiplatform Analog Telephone Adapter
ATA 192 Multiplatform Analog Telephone Adapter
ATA 190 Series Analog Telephone Adapters
ATA 191 Multiplatform Analog Telephone Adapter
ATA 192 Multiplatform Analog Telephone Adapter
ATA 190 Series Analog Telephone Adapters
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect sanitization of HTML content from an affected device. A local user can view passwords that belong to other users.
How to mitigate CVE-2024-20462
Install updates from vendor's website.