ID

VAR-201910-0345


CVE

CVE-2019-12708


TITLE

Cisco SPA100 Series Analog Telephone Adapters Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-011136

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device.

Trust: 2.16

sources: NVD: CVE-2019-12708 // JVNDB: JVNDB-2019-011136 // CNVD: CNVD-2019-36893

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36893

AFFECTED PRODUCTS

vendor: cisco, model: spa112, scope: eq, version: 1.4.1

Trust: 1.6

vendor: cisco, model: spa122, scope: eq, version: 1.4.1

Trust: 1.6

vendor: cisco, model: spa112, scope: lt, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa122, scope: lt, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa 112, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spa 122, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spa100 series sr3, scope: lte, version: <=1.4.1

Trust: 0.6

vendor: cisco, model: spa112, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: spa122, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-36893 // JVNDB: JVNDB-2019-011136 // CNNVD: CNNVD-201910-1091 // NVD: CVE-2019-12708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12708
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12708
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12708
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-36893
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1091
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-12708
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36893
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ykramarz@cisco.com: CVE-2019-12708
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12708
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-36893 // JVNDB: JVNDB-2019-011136 // CNNVD: CNNVD-201910-1091 // NVD: CVE-2019-12708 // NVD: CVE-2019-12708

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-011136 // NVD: CVE-2019-12708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1091

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201910-1091

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011136

PATCH

title: cisco-sa-20191016-spa-credentials, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-credentials

Trust: 0.8

title: Patch for Cisco SPA100 Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/186441

Trust: 0.6

sources: CNVD: CNVD-2019-36893 // JVNDB: JVNDB-2019-011136

EXTERNAL IDS

db: NVD, id: CVE-2019-12708

Trust: 3.0

db: TENABLE, id: TRA-2019-44

Trust: 1.6

db: JVNDB, id: JVNDB-2019-011136

Trust: 0.8

db: CNVD, id: CNVD-2019-36893

Trust: 0.6

db: AUSCERT, id: ESB-2019.3878

Trust: 0.6

db: CNNVD, id: CNNVD-201910-1091

Trust: 0.6

sources: CNVD: CNVD-2019-36893 // JVNDB: JVNDB-2019-011136 // CNNVD: CNNVD-201910-1091 // NVD: CVE-2019-12708

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-credentials

Trust: 2.2

url: https://www.tenable.com/security/research/tra-2019-44

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-12708

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12708

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-ui-disclosure

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-webui-dos

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-running-config

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-rce

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-reflected-xss

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-spa100-series-ata-information-disclosure-via-web-management-interface-30650

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.3878/

Trust: 0.6

sources: CNVD: CNVD-2019-36893 // JVNDB: JVNDB-2019-011136 // CNNVD: CNNVD-201910-1091 // NVD: CVE-2019-12708

CREDITS

Andrew Orr and Alex Weber of Tenable Inc.

Trust: 0.6

sources: CNNVD: CNNVD-201910-1091

SOURCES

db: CNVD, id: CNVD-2019-36893
db: JVNDB, id: JVNDB-2019-011136
db: CNNVD, id: CNNVD-201910-1091
db: NVD, id: CVE-2019-12708

LAST UPDATE DATE

2024-11-23T21:51:52.673000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36893, date: 2019-10-24T00:00:00
db: JVNDB, id: JVNDB-2019-011136, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1091, date: 2019-10-22T00:00:00
db: NVD, id: CVE-2019-12708, date: 2024-11-21T04:23:24.573

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-36893, date: 2019-10-23T00:00:00
db: JVNDB, id: JVNDB-2019-011136, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1091, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-12708, date: 2019-10-16T19:15:11.847