History: Dec 12, 2022 - 9:15 a.m.

CVE-2022-20689

2022-12-12 09:15:12
CWE-130
CWE-1284
web.nvd.nist.gov
cisco
ata 190
analog telephone adapter
firmware
vulnerability
cisco discovery protocol
memory corruption
nvd
cve-2022-20689

CVSS3: 8.8 High

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.5%)

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.
These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.

Affected configurations

NVD
Node
cisco ata_190_firmware Match - on-premises
AND
cisco ata_190 Match - on-premises
Node
cisco ata_191_firmware Range <11.2.2 multiplatform
AND
cisco ata_191 Match - multiplatform
Node
cisco ata_191_firmware Range <12.0.1 on-premises
OR
cisco ata_191_firmware Match 12.0.1 - on-premises
OR
cisco ata_191_firmware Match 12.0.1 sr1 on-premises
OR
cisco ata_191_firmware Match 12.0.1 sr2 on-premises
OR
cisco ata_191_firmware Match 12.0.1 sr3 on-premises
OR
cisco ata_191_firmware Match 12.0.1 sr4 on-premises
AND
cisco ata_191 Match - on-premises
Node
cisco ata_192_firmware Range <11.2.2 multiplatform
AND
cisco ata_192 Match - multiplatform

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Analog Telephone Adaptor (ATA) Software",
    "versions": [
      {
        "version": "1.2.1",
        "status": "affected"
      },
      {
        "version": "1.2.2 SR1",
        "status": "affected"
      },
      {
        "version": "1.2.2",
        "status": "affected"
      },
      {
        "version": "1.2.2 SR2",
        "status": "affected"
      },
      {
        "version": "11.1.0 MSR4",
        "status": "affected"
      },
      {
        "version": "11.1.0",
        "status": "affected"
      },
      {
        "version": "11.1.0 MSR1",
        "status": "affected"
      },
      {
        "version": "11.1.0 MSR2",
        "status": "affected"
      },
      {
        "version": "11.1.0 MSR3",
        "status": "affected"
      },
      {
        "version": "1.1.0",
        "status": "affected"
      },
      {
        "version": "1.1.1",
        "status": "affected"
      },
      {
        "version": "1.1.2",
        "status": "affected"
      },
      {
        "version": "12.0.1 SR2",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      },
      {
        "version": "12.0.1 SR1",
        "status": "affected"
      },
      {
        "version": "12.0.1 SR3",
        "status": "affected"
      },
      {
        "version": "12.0.1 SR4",
        "status": "affected"
      },
      {
        "version": "11.2.1",
        "status": "affected"
      }
    ]
  }
]
