Pangea Communications has a patch to fix an authentication bypass using an alternate path or channel vulnerability in its Internet FAX Analog Telephone Adapter (ATA), according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability, discovered by Ankit Anubhav of NewSky Security, could cause the device to reboot and create a continual denial-of-service condition. Public exploits are available.
An analog telephone adapter, Internet FAX ATA Version 3.1.8 and prior suffer from the issue.
Using a specially crafted URL, an attacker can bypass user authentication to cause the device to reboot, which may be used to cause a continual denial-of-service condition.
CVE-2019-6551 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The product sees use mainly in the communication and information technology sectors. It also sees action on a global basis.
Pangea Communications contacted users of the affected product and have deployed a patch to resolve the issue. For more information, contact Pangea Communications support.