Lucene search

CiscoCVE-2021-34710

HistoryOct 06, 2021 - 8:15 p.m.

CVE-2021-34710

2021-10-0620:15:09

CWE-78

CWE-770

cisco

web.nvd.nist.gov

cisco

ata 190

analog telephone adapter

software

vulnerabilities

cve-2021-34710

command injection

remote code execution

dos

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

48.6%

JSON

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd

Node

ciscoata_190_firmwareMatch-

AND

ciscoata_190Match-

Node

ciscoata_191_firmwareMatch-

AND

ciscoata_191Match-

Node

ciscoata_192_firmwareMatch-

AND

ciscoata_192Match-

VendorProductVersionCPE
ciscoata_190_firmware-cpe:2.3:o:cisco:ata_190_firmware:-:*:*:*:*:*:*:*
ciscoata_190-cpe:2.3:h:cisco:ata_190:-:*:*:*:*:*:*:*
ciscoata_191_firmware-cpe:2.3:o:cisco:ata_191_firmware:-:*:*:*:*:*:*:*
ciscoata_191-cpe:2.3:h:cisco:ata_191:-:*:*:*:*:*:*:*
ciscoata_192_firmware-cpe:2.3:o:cisco:ata_192_firmware:-:*:*:*:*:*:*:*
ciscoata_192-cpe:2.3:h:cisco:ata_192:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ata_190_firmware	-	cpe:2.3:o:cisco:ata_190_firmware:-:::::::*
cisco	ata_190	-	cpe:2.3:h:cisco:ata_190:-:::::::*
cisco	ata_191_firmware	-	cpe:2.3:o:cisco:ata_191_firmware:-:::::::*
cisco	ata_191	-	cpe:2.3:h:cisco:ata_191:-:::::::*
cisco	ata_192_firmware	-	cpe:2.3:o:cisco:ata_192_firmware:-:::::::*
cisco	ata_192	-	cpe:2.3:h:cisco:ata_192:-:::::::*

CNA Affected

[
  {
    "product": "Cisco Analog Telephone Adaptor (ATA) Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

48.6%

JSON

Related for CVE-2021-34710