ID

VAR-201910-0973


CVE

CVE-2019-15257


TITLE

Cisco SPA100 Series Analog Telephone Adapters Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-011118

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An attacker could exploit this vulnerability by sending a request to an affected device through the web-based management interface. A successful exploit could allow the attacker to retrieve running configuration information, which could also include sensitive information.

Trust: 2.16

sources: NVD: CVE-2019-15257 // JVNDB: JVNDB-2019-011118 // CNVD: CNVD-2019-36888

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36888

AFFECTED PRODUCTS

vendor: cisco, model: spa112, scope: lt, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa122, scope: eq, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa122, scope: lt, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa112, scope: eq, version: 1.4.1

Trust: 1.0

vendor: cisco, model: spa 112, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spa 122, scope: -, version: -

Trust: 0.8

vendor: cisco, model: spa100 series sr3, scope: lte, version: <=1.4.1

Trust: 0.6

sources: CNVD: CNVD-2019-36888 // JVNDB: JVNDB-2019-011118 // NVD: CVE-2019-15257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15257
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15257
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15257
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-36888
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1094
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15257
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36888
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ykramarz@cisco.com: CVE-2019-15257
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15257
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-36888 // JVNDB: JVNDB-2019-011118 // CNNVD: CNNVD-201910-1094 // NVD: CVE-2019-15257 // NVD: CVE-2019-15257

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

problemtype:NVD-CWE-Other

Trust: 1.0

sources: JVNDB: JVNDB-2019-011118 // NVD: CVE-2019-15257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1094

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-1094

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011118

PATCH

title: cisco-sa-20191016-spa-running-config, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-running-config

Trust: 0.8

title: Patch for Cisco SPA100 Information Disclosure Vulnerability (CNVD-2019-36888), url: https://www.cnvd.org.cn/patchInfo/show/186437

Trust: 0.6

sources: CNVD: CNVD-2019-36888 // JVNDB: JVNDB-2019-011118

EXTERNAL IDS

db: NVD, id: CVE-2019-15257

Trust: 3.0

db: TENABLE, id: TRA-2019-44

Trust: 1.6

db: JVNDB, id: JVNDB-2019-011118

Trust: 0.8

db: CNVD, id: CNVD-2019-36888

Trust: 0.6

db: AUSCERT, id: ESB-2019.3878

Trust: 0.6

db: CNNVD, id: CNNVD-201910-1094

Trust: 0.6

sources: CNVD: CNVD-2019-36888 // JVNDB: JVNDB-2019-011118 // CNNVD: CNNVD-201910-1094 // NVD: CVE-2019-15257

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-running-config

Trust: 2.2

url:https://www.tenable.com/security/research/tra-2019-44

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-15257

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15257

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-ui-disclosure

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-webui-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-rce

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-reflected-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-spa-credentials

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-spa100-series-ata-information-disclosure-via-running-configuration-30654

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3878/

Trust: 0.6

sources: CNVD: CNVD-2019-36888 // JVNDB: JVNDB-2019-011118 // CNNVD: CNNVD-201910-1094 // NVD: CVE-2019-15257

CREDITS

Andrew Orr and Alex Weber of Tenable Inc.

Trust: 0.6

sources: CNNVD: CNNVD-201910-1094

SOURCES

db: CNVD, id: CNVD-2019-36888
db: JVNDB, id: JVNDB-2019-011118
db: CNNVD, id: CNNVD-201910-1094
db: NVD, id: CVE-2019-15257

LAST UPDATE DATE

2024-11-23T21:51:52.096000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36888, date: 2019-10-24T00:00:00
db: JVNDB, id: JVNDB-2019-011118, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1094, date: 2020-10-10T00:00:00
db: NVD, id: CVE-2019-15257, date: 2024-11-21T04:28:18.550

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-36888, date: 2019-10-23T00:00:00
db: JVNDB, id: JVNDB-2019-011118, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1094, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-15257, date: 2019-10-16T19:15:13.537