Cisco SPA100 Series Multiple Vulnerabilities

high Nessus Plugin ID 129982
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco SPA100 Series device is affected by multiple vulnerabilities:

- Multiple remote code execution vulnerabilities. An authenticated attacker can cause a stack overflow leading to control flow change in the Cisco SPA 112/122 device. (CVE-2019-15240, CVE-2019-15241, CVE-2019-15242, CVE-2019-15243, CVE-2019-15244, CVE-2019-15245, CVE-2019-15246, CVE-2019-15247, CVE-2019-15248, CVE-2019-15249, CVE-2019-15250, CVE-2019-15251, CVE-2019-15252)

- Multiple cross-site scripting vulnerabilities. An authenticated attacker can inject javascript on the Cisco SPA 112/122 device. (CVE-2019-12702, CVE-2019-12703)

- An arbitrary file disclosure vulnerability. An unauthenticated attacker can read any file on the device and elevate local privilege. (CVE-2019-12704)

- Multiple privilege escalation vulnerabilites. An authenticated attacker can leak the administrator password hash to escalate local privilege. (CVE-2019-12708, CVE-2019-15257)

- A denial of service vulnerability. An authenticated attacker can crash the web service with a malformed request. (CVE-2019-12258)

Solution

Upgrade Cisco SPA100 Series to firmware version 1.4.1 SR5 or later.

See Also

https://www.tenable.com/security/research/tra-2019-44

http://www.nessus.org/u?36518fa8

http://www.nessus.org/u?88204172

http://www.nessus.org/u?50f480f5

http://www.nessus.org/u?c85940fa

http://www.nessus.org/u?c6a2b0c7

http://www.nessus.org/u?7615d430

Plugin Details

Severity: High

ID: 129982

File Name: cisco-sa-20191016-spa-rce.nasl

Version: 1.5

Type: remote

Family: CISCO

Published: 10/17/2019

Updated: 6/26/2020

Dependencies: cisco_spa_web_detection.nbin, cisco_spa_sip_detection.nbin

Risk Information

CVSS Score Source: CVE-2019-15252

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.2

Temporal Score: 3.8

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8

Temporal Score: 7

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:2.3:h:cisco:spa:*:*:*:*:*:*:*:*, x-cpe:2.3:o:cisco:spa:*:*:*:*:*:*:*:*

Required KB Items: installed_sw/Cisco SPA ATA

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/16/2019

Reference Information

CVE: CVE-2019-15240, CVE-2019-15241, CVE-2019-15242, CVE-2019-15243, CVE-2019-15244, CVE-2019-15245, CVE-2019-15246, CVE-2019-15247, CVE-2019-15248, CVE-2019-15249, CVE-2019-15250, CVE-2019-15251, CVE-2019-15252, CVE-2019-12704, CVE-2019-12703, CVE-2019-12702, CVE-2019-15258, CVE-2019-15257