.Cisco on Wednesday announced patches for eight weakness in the firmware of ATA 190 set analog telephone adapters, consisting of 2 high-severity imperfections leading to configuration modifications and cross-site request imitation (CSRF) assaults.Impacting the online management interface of the firmware and tracked as CVE-2024-20458, the 1st bug exists due to the fact that certain HTTP endpoints do not have authorization, enabling remote, unauthenticated aggressors to browse to a particular link and also perspective or delete arrangements, or even tweak the firmware.The 2nd problem, tracked as CVE-2024-20421, enables distant, unauthenticated assaulters to conduct CSRF strikes as well as do approximate actions on prone tools. An opponent may make use of the safety problem by persuading a customer to click on a crafted link.Cisco additionally covered a medium-severity susceptability (CVE-2024-20459) that could enable remote, certified assaulters to carry out arbitrary orders with origin opportunities.The continuing to be 5 safety and security flaws, all medium extent, can be manipulated to conduct cross-site scripting (XSS) assaults, carry out random demands as root, perspective codes, customize device setups or even reboot the gadget, as well as function demands with supervisor privileges.Depending on to Cisco, ATA 191 (on-premises or even multiplatform) as well as ATA 192 (multiplatform) units are actually influenced. While there are actually no workarounds available, disabling the online administration interface in the Cisco ATA 191 on-premises firmware mitigates six of the imperfections.Patches for these bugs were featured in firmware version 12.0.2 for the ATA 191 analog telephone adapters, and firmware version 11.2.5 for the ATA 191 and 192 multiplatform analog telephone adapters.On Wednesday, Cisco additionally revealed patches for two medium-severity safety problems in the UCS Central Software enterprise monitoring option and the Unified Contact Center Control Gateway (Unified CCMP) that can result in vulnerable relevant information disclosure and also XSS assaults, respectively.Advertisement. Scroll to carry on analysis.Cisco creates no acknowledgment of any one of these vulnerabilities being capitalized on in the wild. Extra details could be discovered on the company's protection advisories page.Connected: Splunk Organization Update Patches Remote Code Execution Vulnerabilities.Connected: ICS Spot Tuesday: Advisories Published through Siemens, Schneider, Phoenix Metro Call, CERT@VDE.Related: Cisco to Acquire Network Intelligence Company ThousandEyes.Related: Cisco Patches Important Vulnerabilities in Best Infrastructure (PRIVATE DETECTIVE) Software Application.