Details of VAR-201910-0959

ID

VAR-201910-0959

CVE

CVE-2019-15240

TITLE

Cisco SPA100 Series Analog Telephone Adapters Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-011002 // CNNVD: CNNVD-201910-1115

DESCRIPTION

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. The Cisco SPA100 Series is an analog phone adapter from Cisco that allows your standard analog phone to access Internet phone services through the RJ-11 phone port. A remote code execution vulnerability exists in the Cisco SPA100 series with firmware 1.4.1 SR4 and earlier

Trust: 2.25

sources: NVD: CVE-2019-15240 // JVNDB: JVNDB-2019-011002 // CNVD: CNVD-2019-36889 // VULMON: CVE-2019-15240

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-36889

AFFECTED PRODUCTS

vendor:	cisco	model:	spa112	scope:	eq	version:	1.4.1	Trust: 1.6
vendor:	cisco	model:	spa122	scope:	eq	version:	1.4.1	Trust: 1.6
vendor:	cisco	model:	spa112	scope:	lt	version:	1.4.1	Trust: 1.0
vendor:	cisco	model:	spa122	scope:	lt	version:	1.4.1	Trust: 1.0
vendor:	cisco	model:	spa 112	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa 122	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	spa112 sr4	scope:	lte	version:	<=1.4.1	Trust: 0.6
vendor:	cisco	model:	spa122 ata with router sr4	scope:	lte	version:	<=1.4.1	Trust: 0.6
vendor:	cisco	model:	spa112	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	spa122	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-36889 // JVNDB: JVNDB-2019-011002 // CNNVD: CNNVD-201910-1115 // NVD: CVE-2019-15240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15240
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15240
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15240
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-36889
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-1115
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-15240
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-15240
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-36889
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

ykramarz@cisco.com:	CVE-2019-15240
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-15240
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-36889 // VULMON: CVE-2019-15240 // JVNDB: JVNDB-2019-011002 // CNNVD: CNNVD-201910-1115 // NVD: CVE-2019-15240 // NVD: CVE-2019-15240

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2019-011002 // NVD: CVE-2019-15240

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1115

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1115

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011002

PATCH

title:	cisco-sa-20191016-spa-rce	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce	Trust: 0.8
title:	Patch for Cisco SPA100 Remote Code Execution Vulnerability (CNVD-2019-36889)	url:	https://www.cnvd.org.cn/patchInfo/show/186431	Trust: 0.6
title:	Cisco: Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20191016-spa-rce	Trust: 0.1

sources: CNVD: CNVD-2019-36889 // VULMON: CVE-2019-15240 // JVNDB: JVNDB-2019-011002

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15240	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-011002	Trust: 0.8
db:	CNVD	id:	CNVD-2019-36889	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3878	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-1115	Trust: 0.6
db:	VULMON	id:	CVE-2019-15240	Trust: 0.1

sources: CNVD: CNVD-2019-36889 // VULMON: CVE-2019-15240 // JVNDB: JVNDB-2019-011002 // CNNVD: CNNVD-201910-1115 // NVD: CVE-2019-15240

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-rce	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15240	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15240	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-ui-disclosure	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-webui-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-running-config	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-reflected-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-credentials	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3878/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-spa100-series-ata-code-execution-30652	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-36889 // VULMON: CVE-2019-15240 // JVNDB: JVNDB-2019-011002 // CNNVD: CNNVD-201910-1115 // NVD: CVE-2019-15240

CREDITS

Andrew Orr and Alex Weber of Tenable Inc. .

Trust: 0.6

sources: CNNVD: CNNVD-201910-1115

SOURCES

db:	CNVD	id:	CNVD-2019-36889
db:	VULMON	id:	CVE-2019-15240
db:	JVNDB	id:	JVNDB-2019-011002
db:	CNNVD	id:	CNNVD-201910-1115
db:	NVD	id:	CVE-2019-15240

LAST UPDATE DATE

2024-11-23T21:51:52.537000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-36889	date:	2019-10-24T00:00:00
db:	VULMON	id:	CVE-2019-15240	date:	2019-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-011002	date:	2019-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201910-1115	date:	2019-10-21T00:00:00
db:	NVD	id:	CVE-2019-15240	date:	2024-11-21T04:28:16.327

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-36889	date:	2019-10-23T00:00:00
db:	VULMON	id:	CVE-2019-15240	date:	2019-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-011002	date:	2019-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201910-1115	date:	2019-10-16T00:00:00
db:	NVD	id:	CVE-2019-15240	date:	2019-10-16T19:15:12.083