CVE-2021-34735

Description

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Related CPE's

o cisco ata_190_firmware -*******

h cisco ata_190 -*******

o cisco ata_191_firmware -*******

h cisco ata_191 -*******

o cisco ata_192_firmware -*******

h cisco ata_192 -*******

References

20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities

Vendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	7.5
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	NONE
AvailabilityImpact	COMPLETE
IntegrityImpact	NONE
BaseScore	7.8
VectorString	AV:N/AC:L/Au:N/C:N/I:N/A:C
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io