Lucene search

[email protected]NVD:CVE-2019-15257

HistoryOct 16, 2019 - 7:15 p.m.

CVE-2019-15257

2019-10-1619:15:13

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An attacker could exploit this vulnerability by sending a request to an affected device through the web-based management interface. A successful exploit could allow the attacker to return running configuration information that could also include sensitive information.

Affected configurations

Nvd

Node

ciscospa112_firmwareRange<1.4.1

ciscospa112_firmwareMatch1.4.1-

ciscospa112_firmwareMatch1.4.1sr1

ciscospa112_firmwareMatch1.4.1sr2

ciscospa112_firmwareMatch1.4.1sr3

AND

ciscospa112Match-

Node

ciscospa122_firmwareRange<1.4.1

ciscospa122_firmwareMatch1.4.1-

ciscospa122_firmwareMatch1.4.1sr1

ciscospa122_firmwareMatch1.4.1sr2

ciscospa122_firmwareMatch1.4.1sr3

AND

ciscospa122Match-

VendorProductVersionCPE
ciscospa112_firmware*cpe:2.3:o:cisco:spa112_firmware:*:*:*:*:*:*:*:*
ciscospa112_firmware1.4.1cpe:2.3:o:cisco:spa112_firmware:1.4.1:-:*:*:*:*:*:*
ciscospa112_firmware1.4.1cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr1:*:*:*:*:*:*
ciscospa112_firmware1.4.1cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr2:*:*:*:*:*:*
ciscospa112_firmware1.4.1cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr3:*:*:*:*:*:*
ciscospa112-cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*
ciscospa122_firmware*cpe:2.3:o:cisco:spa122_firmware:*:*:*:*:*:*:*:*
ciscospa122_firmware1.4.1cpe:2.3:o:cisco:spa122_firmware:1.4.1:-:*:*:*:*:*:*
ciscospa122_firmware1.4.1cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr1:*:*:*:*:*:*
ciscospa122_firmware1.4.1cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr2:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	spa112_firmware	*	cpe:2.3:o:cisco:spa112_firmware::::::::
cisco	spa112_firmware	1.4.1	cpe:2.3:o:cisco:spa112_firmware:1.4.1:-::::::
cisco	spa112_firmware	1.4.1	cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr1::::::
cisco	spa112_firmware	1.4.1	cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr2::::::
cisco	spa112_firmware	1.4.1	cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr3::::::
cisco	spa112	-	cpe:2.3:h:cisco:spa112:-:::::::*
cisco	spa122_firmware	*	cpe:2.3:o:cisco:spa122_firmware::::::::
cisco	spa122_firmware	1.4.1	cpe:2.3:o:cisco:spa122_firmware:1.4.1:-::::::
cisco	spa122_firmware	1.4.1	cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr1::::::
cisco	spa122_firmware	1.4.1	cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr2::::::

Rows per page:

1-10 of 121

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-running-config

www.tenable.com/security/research/tra-2019-44

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

Related for NVD:CVE-2019-15257

cisco1 symantec1 cvelist1 prion1 cve1 nessus1