New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe remote Cisco SPA100 Series device is affected by multiple vulnerabilities:
- Multiple remote code execution vulnerabilities. An authenticated attacker can cause a stack overflow leading to control flow change in the Cisco SPA 112/122 device. (CVE-2019-15240, CVE-2019-15241, CVE-2019-15242, CVE-2019-15243, CVE-2019-15244, CVE-2019-15245, CVE-2019-15246, CVE-2019-15247, CVE-2019-15248, CVE-2019-15249, CVE-2019-15250, CVE-2019-15251, CVE-2019-15252)
- An arbitrary file disclosure vulnerability. An unauthenticated attacker can read any file on the device and elevate local privilege. (CVE-2019-12704)
- Multiple privilege escalation vulnerabilites. An authenticated attacker can leak the administrator password hash to escalate local privilege. (CVE-2019-12708, CVE-2019-15257)
- A denial of service vulnerability. An authenticated attacker can crash the web service with a malformed request. (CVE-2019-12258)
SolutionUpgrade Cisco SPA100 Series to firmware version 1.4.1 SR5 or later.