Your one-stop web resource providing safety and security information to manufacturers

Pangea Communications has a patch to fix an authentication bypass using an alternate path or channel vulnerability in its Internet FAX Analog Telephone Adapter (ATA), according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Ankit Anubhav of NewSky Security, could cause the device to reboot and create a continual denial-of-service condition. Public exploits are available.

RELATED STORIES
Fuji Fixes FRENIC Devices
Siemens Fixes CP1604, CP1616 Holes
Siemens has Upgrade for Intel AMT
Siemens Fixes Hole in SIMATIC S7-300 CPU

An analog telephone adapter, Internet FAX ATA Version 3.1.8 and prior suffer from the issue.

Using a specially crafted URL, an attacker can bypass user authentication to cause the device to reboot, which may be used to cause a continual denial-of-service condition.

Schneider Bold

CVE-2019-6551 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees use mainly in the communication and information technology sectors. It also sees action on a global basis.

Pangea Communications contacted users of the affected product and have deployed a patch to resolve the issue. For more information, contact Pangea Communications support.

Pin It on Pinterest

Share This