LiveActive security incident?Get immediate response
CVE Record

CVE-2019-12704: Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information.

MediumCVSS 6.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

An authenticated attacker with network access to the Cisco ATA management interface could read files from the device. The main business risk is sensitive information exposure, especially if management access is internet-facing or broadly reachable internally.

Executive priority

Treat as a focused remediation item for voice infrastructure. It is not listed as actively exploited in the provided sources, but exposed management interfaces could disclose sensitive device files. Prioritize internet-facing or weakly segmented deployments.

Technical view

CVE-2019-12704 is an improper input validation issue in the Cisco SPA100 Series ATA web-based management interface. A low-privileged authenticated remote attacker could send a crafted management request and retrieve arbitrary file contents from the device. Integrity and availability are not reported as impacted.

Likely exposure

Exposure is likely where Cisco SPA112 or SPA100 Series ATA web management is enabled and reachable by users with device credentials. Internet-exposed or flat internal management networks increase risk. Segmented devices with tightly limited administrator access have lower exposure.

Exploitation context

The provided sources do not report known active exploitation, and the CVE is not marked as CISA KEV. Exploitation requires authentication, network reachability to the web management interface, and a crafted request. The impact is high confidentiality loss, not code execution.

Researcher notes

The source bundle supports authenticated arbitrary file disclosure through the web management interface, mapped to CWE-200 and CVSS 3.0 score 6.5. Evidence for exact fixed versions or workarounds is not included in the bundle, so confirm details in Cisco’s advisory before closure.

Mitigation direction

  • Review the Cisco advisory for affected releases, fixed software, or official workaround guidance.
  • Restrict ATA web management access to trusted administrator networks only.
  • Disable remote management exposure where it is not operationally required.
  • Audit ATA administrator accounts and remove unnecessary or shared access.
  • Rotate credentials if management access was exposed to untrusted networks.

Validation and detection

  • Inventory Cisco SPA112 and SPA100 Series ATA devices in the environment.
  • Confirm whether the web-based management interface is enabled and reachable.
  • Check device software and model details against Cisco advisory guidance.
  • Review firewall rules for internet or broad internal access to ATA management.
  • Look for unexpected management logins or configuration access around exposure windows.
Prepared
Confidence
high
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-200: Information exposure and cloud metadata lookup

Information exposure and SSRF weaknesses can make discovery, cloud metadata, and credential material review relevant. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-12704 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
6.5 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
6.5CVSS 3.0MediumCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N2.83.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

6.5Medium
CVSS 3.0 vector shape for CVE-2019-12704Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CiscoCisco SPA112 2-Port Phone AdapterunspecifiedListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-200 · source CWE mapping

Exposure of Sensitive Information to an Unauthorized Actor

Exposure of Sensitive Information to an Unauthorized Actor represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.