Cisco SPA100 Series Multiple Vulnerabilities

Medium Nessus Plugin ID 129982

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Cisco SPA100 Series device is affected by multiple vulnerabilities:

- Multiple remote code execution vulnerabilities. An authenticated attacker can cause a stack overflow leading to control flow change in the Cisco SPA 112/122 device. (CVE-2019-15240, CVE-2019-15241, CVE-2019-15242, CVE-2019-15243, CVE-2019-15244, CVE-2019-15245, CVE-2019-15246, CVE-2019-15247, CVE-2019-15248, CVE-2019-15249, CVE-2019-15250, CVE-2019-15251, CVE-2019-15252)

- Multiple cross-site scripting vulnerabilities. An authenticated attacker can inject javascript on the Cisco SPA 112/122 device. (CVE-2019-12702, CVE-2019-12703)

- An arbitrary file disclosure vulnerability. An unauthenticated attacker can read any file on the device and elevate local privilege. (CVE-2019-12704)

- Multiple privilege escalation vulnerabilites. An authenticated attacker can leak the administrator password hash to escalate local privilege. (CVE-2019-12708, CVE-2019-15257)

- A denial of service vulnerability. An authenticated attacker can crash the web service with a malformed request. (CVE-2019-12258)

Solution

Upgrade Cisco SPA100 Series to firmware version 1.4.1 SR5 or later.

See Also

https://www.tenable.com/security/research/tra-2019-44

http://www.nessus.org/u?36518fa8

http://www.nessus.org/u?88204172

http://www.nessus.org/u?50f480f5

http://www.nessus.org/u?c85940fa

http://www.nessus.org/u?c6a2b0c7

http://www.nessus.org/u?7615d430

Plugin Details

Severity: Medium

ID: 129982

File Name: cisco-sa-20191016-spa-rce.nasl

Version: 1.5

Type: remote

Family: CISCO

Published: 2019/10/17

Updated: 2020/06/26

Dependencies: 129983, 129984

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2019-15252

CVSS v2.0

Base Score: 5.2

Temporal Score: 3.8

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8

Temporal Score: 7

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/h:cisco:spa, x-cpe:/o:cisco:spa

Required KB Items: installed_sw/Cisco SPA ATA

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2019/10/16

Reference Information

CVE: CVE-2019-12702, CVE-2019-12703, CVE-2019-12704, CVE-2019-15240, CVE-2019-15241, CVE-2019-15242, CVE-2019-15243, CVE-2019-15244, CVE-2019-15245, CVE-2019-15246, CVE-2019-15247, CVE-2019-15248, CVE-2019-15249, CVE-2019-15250, CVE-2019-15251, CVE-2019-15252, CVE-2019-15257, CVE-2019-15258