Security readout for executives and security teams
Plain-English summary
An authenticated attacker with network access to the Cisco ATA management interface could read files from the device. The main business risk is sensitive information exposure, especially if management access is internet-facing or broadly reachable internally.
Executive priority
Treat as a focused remediation item for voice infrastructure. It is not listed as actively exploited in the provided sources, but exposed management interfaces could disclose sensitive device files. Prioritize internet-facing or weakly segmented deployments.
Technical view
CVE-2019-12704 is an improper input validation issue in the Cisco SPA100 Series ATA web-based management interface. A low-privileged authenticated remote attacker could send a crafted management request and retrieve arbitrary file contents from the device. Integrity and availability are not reported as impacted.
Likely exposure
Exposure is likely where Cisco SPA112 or SPA100 Series ATA web management is enabled and reachable by users with device credentials. Internet-exposed or flat internal management networks increase risk. Segmented devices with tightly limited administrator access have lower exposure.
Exploitation context
The provided sources do not report known active exploitation, and the CVE is not marked as CISA KEV. Exploitation requires authentication, network reachability to the web management interface, and a crafted request. The impact is high confidentiality loss, not code execution.
Researcher notes
The source bundle supports authenticated arbitrary file disclosure through the web management interface, mapped to CWE-200 and CVSS 3.0 score 6.5. Evidence for exact fixed versions or workarounds is not included in the bundle, so confirm details in Cisco’s advisory before closure.
Mitigation direction
- Review the Cisco advisory for affected releases, fixed software, or official workaround guidance.
- Restrict ATA web management access to trusted administrator networks only.
- Disable remote management exposure where it is not operationally required.
- Audit ATA administrator accounts and remove unnecessary or shared access.
- Rotate credentials if management access was exposed to untrusted networks.
Validation and detection
- Inventory Cisco SPA112 and SPA100 Series ATA devices in the environment.
- Confirm whether the web-based management interface is enabled and reachable.
- Check device software and model details against Cisco advisory guidance.
- Review firewall rules for internet or broad internal access to ATA management.
- Look for unexpected management logins or configuration access around exposure windows.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-200: Information exposure and cloud metadata lookup
Information exposure and SSRF weaknesses can make discovery, cloud metadata, and credential material review relevant. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2019-12704 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Medium
- CVSS
- 6.5 (3.0)
- Known Exploited
- No
- Published
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N2.83.6Primary CVE scoreVulnerability scoring details
Base CVSS 3.0 score
6.5MediumVector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source materials
- CVE List V5 sourceCVE List V5
- 20191016 Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure VulnerabilityCVE reference · vendor-advisory, x_refsource_CISCO
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
