VAR-200208-0135
Vulnerability from variot - Updated: 2025-04-03 22:30The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration. Under some circumstances, it may be possible to bypass the authentication required for this web interface. This may be done with a specially formatted change password request. Exploitation allows a remote attacker to reconfigure the vulnerable device. Reportedly, HTTP requests consisting of a single character will cause the device to disclose sensitive configuration information, including the password to the administrative web interface. By viewing the source code of the configuration tool screen page, it can be seen that there are no hidden parameters used to maintain the state, so you can trust the device usage type and HTTP input to determine whether configuration is allowed: For example: if three \"ChangeUIPasswd\" parameters without any value are provided to the system, the ATA-186 will display the login screen, similarly, if all three values of \"ChangeUIPasswd\" are provided, but one of the values does not match the password stored in the device, the login screen will appear again, if all provided correctly parameters, the device considers that the user has passed the authentication and provides configuration information. Interestingly, if only two \"ChangeUIPasswd\" parameters are passed, the device can also allow the user to configure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0135",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ata-186",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ata-186",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
}
],
"sources": [
{
"db": "BID",
"id": "4712"
},
{
"db": "BID",
"id": "4711"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-022"
},
{
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Patrick Michael Kane \u003cpmk-bugtraq@wealsowalkdogs.com\u003e.",
"sources": [
{
"db": "BID",
"id": "4712"
},
{
"db": "BID",
"id": "4711"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0769",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0769",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5160",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0769",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-022",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5160",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5160"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-022"
},
{
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration. \nUnder some circumstances, it may be possible to bypass the authentication required for this web interface. This may be done with a specially formatted change password request. Exploitation allows a remote attacker to reconfigure the vulnerable device. \nReportedly, HTTP requests consisting of a single character will cause the device to disclose sensitive configuration information, including the password to the administrative web interface. By viewing the source code of the configuration tool screen page, it can be seen that there are no hidden parameters used to maintain the state, so you can trust the device usage type and HTTP input to determine whether configuration is allowed: For example: if three \\\"ChangeUIPasswd\\\" parameters without any value are provided to the system, the ATA-186 will display the login screen, similarly, if all three values \u200b\u200bof \\\"ChangeUIPasswd\\\" are provided, but one of the values \u200b\u200bdoes not match the password stored in the device, the login screen will appear again, if all provided correctly parameters, the device considers that the user has passed the authentication and provides configuration information. Interestingly, if only two \\\"ChangeUIPasswd\\\" parameters are passed, the device can also allow the user to configure",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0769"
},
{
"db": "BID",
"id": "4712"
},
{
"db": "BID",
"id": "4711"
},
{
"db": "VULHUB",
"id": "VHN-5160"
}
],
"trust": 1.53
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5160",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5160"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0769",
"trust": 2.3
},
{
"db": "BID",
"id": "4711",
"trust": 2.0
},
{
"db": "BID",
"id": "4712",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200208-022",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20020523 ATA-186 PASSWORD DISCLOSURE VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020509 CISCO ATA-186 ADMIN PASSWORD CAN BE TRIVIALLY CIRCUMVENTED",
"trust": 0.6
},
{
"db": "XF",
"id": "9057",
"trust": 0.6
},
{
"db": "XF",
"id": "9056",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-75267",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "21441",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5160",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5160"
},
{
"db": "BID",
"id": "4712"
},
{
"db": "BID",
"id": "4711"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-022"
},
{
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"id": "VAR-200208-0135",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5160"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:30:55.434000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4711"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4712"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9057.php"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9056.php"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/warp/public/cc/pd/as/180/186/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5160"
},
{
"db": "BID",
"id": "4712"
},
{
"db": "BID",
"id": "4711"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-022"
},
{
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5160"
},
{
"db": "BID",
"id": "4712"
},
{
"db": "BID",
"id": "4711"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-022"
},
{
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5160"
},
{
"date": "2002-05-09T00:00:00",
"db": "BID",
"id": "4712"
},
{
"date": "2002-05-09T00:00:00",
"db": "BID",
"id": "4711"
},
{
"date": "2002-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-022"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5160"
},
{
"date": "2009-07-11T12:46:00",
"db": "BID",
"id": "4712"
},
{
"date": "2009-07-11T12:46:00",
"db": "BID",
"id": "4711"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-022"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0769"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "4712"
},
{
"db": "BID",
"id": "4711"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ATA-186 WEB Management Interface Access Verification bypasses the vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-022"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-022"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…