CVE-2022-20690
First published: Wed Dec 07 2022(Updated: )
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Cisco ATA 190 firmware | ||
| Cisco ATA 190 Series Analog Telephone Adapter | ||
| All of | ||
| Cisco ATA 191 | <11.2.2 | |
| Cisco ATA | ||
| All of | ||
| Any of | ||
| Cisco ATA 191 | <12.0.1 | |
| Cisco ATA 191 | =12.0.1 | |
| Cisco ATA 191 | =12.0.1-sr1 | |
| Cisco ATA 191 | =12.0.1-sr2 | |
| Cisco ATA 191 | =12.0.1-sr3 | |
| Cisco ATA 191 | =12.0.1-sr4 | |
| Cisco ATA | ||
| All of | ||
| Cisco ATA 192 | <11.2.2 | |
| Cisco ATA | ||
| Cisco ATA 190 firmware | ||
| Cisco ATA 190 Series Analog Telephone Adapter | ||
| Cisco ATA 191 | <11.2.2 | |
| Cisco ATA | ||
| Cisco ATA 191 | <12.0.1 | |
| Cisco ATA 191 | =12.0.1 | |
| Cisco ATA 191 | =12.0.1-sr1 | |
| Cisco ATA 191 | =12.0.1-sr2 | |
| Cisco ATA 191 | =12.0.1-sr3 | |
| Cisco ATA 191 | =12.0.1-sr4 | |
| Cisco ATA | ||
| Cisco ATA 192 | <11.2.2 | |
| Cisco ATA |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-20690?
CVE-2022-20690 has a medium severity rating, allowing potential memory corruption on affected Cisco ATA devices.
How do I fix CVE-2022-20690?
To fix CVE-2022-20690, upgrade the Cisco ATA firmware to the latest version provided by Cisco.
What devices are affected by CVE-2022-20690?
CVE-2022-20690 affects the Cisco ATA 190 Series Analog Telephone Adapter.
Can CVE-2022-20690 be exploited remotely?
CVE-2022-20690 requires an adjacent attacker, meaning it cannot be exploited remotely over the Internet.
What kind of attack can CVE-2022-20690 facilitate?
CVE-2022-20690 allows for potential denial-of-service attacks due to memory corruption when exploiting the vulnerabilities.
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco ata 190 firmware
- canonical/cisco ata 190 series analog telephone adapter
- canonical/cisco ata 191
- canonical/cisco ata
- version/cisco ata 191/12.0.1
- version/cisco ata 191/12.0.1-sr1
- version/cisco ata 191/12.0.1-sr2
- version/cisco ata 191/12.0.1-sr3
- version/cisco ata 191/12.0.1-sr4
- canonical/cisco ata 192