CVE-2019-15247

HIGH Year: 2019
CVSS v3 Score
8.0
High
CVSS v2 Score
5.2
Medium
Weakness Type
CWE-119
View all →

Vulnerability Description

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.

Related Vulnerabilities

CVE-2016-8377

HIGH
CVSS:8.0(High)

An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, ...

CWE-1192016

CVE-2017-2714

HIGH
CVSS:8.0(High)

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitra...

CWE-1192017

CVE-2017-7050

HIGH
CVSS:8.0(High)

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context...

CWE-1192017

CVE-2017-7051

HIGH
CVSS:8.0(High)

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context...

CWE-1192017

CVE-2017-7054

HIGH
CVSS:8.0(High)

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context...

CWE-1192017

CVE-2017-8335

HIGH
CVSS:8.0(High)

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values ar...

CWE-1192017