{"containers": {"cna": {"affected": [{"product": "Cisco SPA112 2-Port Phone Adapter ", "vendor": "Cisco", "versions": [{"lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-17T19:06:07", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20191016 Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-webui-dos"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2019-44"}], "source": {"advisory": "cisco-sa-20191016-spa-webui-dos", "defect": [["CSCvq50529"]], "discovery": "INTERNAL"}, "title": "Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-10-16T16:00:00-0700", "ID": "CVE-2019-15258", "STATE": "PUBLIC", "TITLE": "Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco SPA112 2-Port Phone Adapter ", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "6.5", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "20191016 Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-webui-dos"}, {"name": "https://www.tenable.com/security/research/tra-2019-44", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-44"}]}, "source": {"advisory": "cisco-sa-20191016-spa-webui-dos", "defect": [["CSCvq50529"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-15258", "datePublished": "2019-10-16T00:00:00", "dateReserved": "2019-08-20T00:00:00", "dateUpdated": "2019-10-17T19:06:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa112_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDE978DB-5C48-4E25-A67E-497F033366E1", "versionEndExcluding": "1.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa112_firmware:1.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "CDBCF90E-2E7B-4A58-B0DF-4A02D880EF0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr1:*:*:*:*:*:*", "matchCriteriaId": "661CECD1-038C-41B1-AEB7-9C3E5087E088", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr2:*:*:*:*:*:*", "matchCriteriaId": "691B5688-DDAF-49EE-8E9F-ABB06BB628B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa112_firmware:1.4.1:sr3:*:*:*:*:*:*", "matchCriteriaId": "C4BAC9C2-3475-42EC-81FA-12BE338C936A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*", "matchCriteriaId": "F61B8649-0781-4AF5-8CED-34616A9524FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa122_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22E490C8-BA3D-44E0-A677-C3311489EED5", "versionEndExcluding": "1.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa122_firmware:1.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "30A5E568-2B2A-4A46-99E9-5FC203F96347", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr1:*:*:*:*:*:*", "matchCriteriaId": "4A1FCBBE-9EE3-4D9D-AD25-2D4FA5893263", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr2:*:*:*:*:*:*", "matchCriteriaId": "6D77D805-40B9-41F1-9A1A-C1A85E89361E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:spa122_firmware:1.4.1:sr3:*:*:*:*:*:*", "matchCriteriaId": "1B7D0675-063B-45A2-985D-B32FF3D6E15B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa122:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C874C71-46D9-48A4-81C9-7ADDDB22FC8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los dispositivos Cisco SPA100 Series Analog Telephone Adapters (ATAs), podr\u00eda permitir a un atacante remoto autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de las peticiones suministradas por el usuario en la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n dise\u00f1ada hacia la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el dispositivo deje de responder, requiriendo intervenci\u00f3n manual para la recuperaci\u00f3n."}], "id": "CVE-2019-15258", "lastModified": "2020-10-09T12:39:53.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-16T19:15:13.630", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-webui-dos"}, {"source": "ykramarz@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2019-44"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-399"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}