CVE-2022-20688 | THREATINT

Assigner	cisco
Reserved	2021-11-02
Published	2022-12-07
Updated	2024-08-03

Description

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition.

MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Product status

1.2.1

affected

1.2.2 SR1

affected

1.2.2

affected

1.2.2 SR2

affected

11.1.0 MSR4

affected

11.1.0

affected

11.1.0 MSR1

affected

11.1.0 MSR2

affected

11.1.0 MSR3

affected

1.1.0

affected

1.1.1

affected

1.1.2

affected

12.0.1 SR2

affected

12.0.1

affected

12.0.1 SR1

affected

12.0.1 SR3

affected

12.0.1 SR4

affected

11.2.1

affected

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs (cisco-sa-ata19x-multivuln-GEZYVvs)

cve.org CVE-2022-20688

nvd.nist.gov CVE-2022-20688

Download JSON

https://cve.threatint.com/CVE/CVE-2022-20688

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat

Subscribe to our newsletter to learn more about our work.