CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20460

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.8%

CVSS Severity

CVSS v3 Score 6.1

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy

Products affected by CVE-2024-20460

Cisco » Ata 191 » Version: N/A

cpe:2.3:h:cisco:ata_191:-
Cisco » Ata 192 » Version: N/A

cpe:2.3:h:cisco:ata_192:-
Cisco » Ata 191 Firmware » Version: N/A

cpe:2.3:o:cisco:ata_191_firmware:-
Cisco » Ata 191 Firmware » Version: 11.2.5

cpe:2.3:o:cisco:ata_191_firmware:11.2.5
Cisco » Ata 191 Firmware » Version: 12.0.1

cpe:2.3:o:cisco:ata_191_firmware:12.0.1
Cisco » Ata 192 Firmware » Version: N/A

cpe:2.3:o:cisco:ata_192_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20460

Products

Pricing

Contact Us