CVE-2022-20688
First published: Wed Dec 07 2022(Updated: )
A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Ata 190 Firmware | ||
| Cisco ATA 190 | ||
| Cisco Ata 191 Firmware | <11.2.2 | |
| Cisco Ata 191 | ||
| Cisco Ata 191 Firmware | <12.0.1 | |
| Cisco Ata 191 Firmware | =12.0.1 | |
| Cisco Ata 191 Firmware | =12.0.1-sr1 | |
| Cisco Ata 191 Firmware | =12.0.1-sr2 | |
| Cisco Ata 191 Firmware | =12.0.1-sr3 | |
| Cisco Ata 191 Firmware | =12.0.1-sr4 | |
| Cisco Ata 191 | ||
| Cisco Ata 192 Firmware | <11.2.2 | |
| Cisco Ata 192 | ||
| All of | ||
| Cisco Ata 190 Firmware | ||
| Cisco ATA 190 | ||
| All of | ||
| Cisco Ata 191 Firmware | <11.2.2 | |
| Cisco Ata 191 | ||
| All of | ||
| Any of | ||
| Cisco Ata 191 Firmware | <12.0.1 | |
| Cisco Ata 191 Firmware | =12.0.1 | |
| Cisco Ata 191 Firmware | =12.0.1-sr1 | |
| Cisco Ata 191 Firmware | =12.0.1-sr2 | |
| Cisco Ata 191 Firmware | =12.0.1-sr3 | |
| Cisco Ata 191 Firmware | =12.0.1-sr4 | |
| Cisco Ata 191 | ||
| All of | ||
| Cisco Ata 192 Firmware | <11.2.2 | |
| Cisco Ata 192 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-20688 vulnerability?
CVE-2022-20688 is a vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the Cisco Discovery Protocol service to restart.
How severe is CVE-2022-20688 vulnerability?
CVE-2022-20688 vulnerability has a severity rating of 5.3, which is considered medium.
Which software is affected by CVE-2022-20688 vulnerability?
The Cisco ATA 190 Series Analog Telephone Adapter firmware versions are affected by CVE-2022-20688 vulnerability.
How can an attacker exploit CVE-2022-20688 vulnerability?
An unauthenticated, remote attacker can exploit CVE-2022-20688 vulnerability by executing arbitrary code on an affected device and causing the Cisco Discovery Protocol service to restart.
Is there a fix available for CVE-2022-20688 vulnerability?
Yes, Cisco has released firmware updates to address the CVE-2022-20688 vulnerability. It is recommended to upgrade to the latest firmware version provided by Cisco.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco ata 190 firmware
- canonical/cisco ata 190
- canonical/cisco ata 191 firmware
- canonical/cisco ata 191
- version/cisco ata 191 firmware/12.0.1
- version/cisco ata 191 firmware/12.0.1-sr1
- version/cisco ata 191 firmware/12.0.1-sr2
- version/cisco ata 191 firmware/12.0.1-sr3
- version/cisco ata 191 firmware/12.0.1-sr4
- canonical/cisco ata 192 firmware
- canonical/cisco ata 192