← Back

CVE-2022-20691

nvd nist
Published: Dec 12, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.

Affected (9)

Cisco
3 products
Ata 190 Firmware
Ata 191 Firmware
Ata 192 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ata 190 Firmware
All versions
Running on/withPlatform Versions
Cisco
Ata 190
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ata 191 Firmware
Before 11.2.2
Running on/withPlatform Versions
Cisco
Ata 191
All versions
Configuration C
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ata 191 Firmware
Before 12.0.1
Ata 191 Firmware
Version 12.0.1
Ata 191 Firmware
Version 12.0.1 sr1
Ata 191 Firmware
Version 12.0.1 sr2
Ata 191 Firmware
Version 12.0.1 sr3
Ata 191 Firmware
Version 12.0.1 sr4
Running on/withPlatform Versions
Cisco
Ata 191
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ata 192 Firmware
Before 11.2.2
Running on/withPlatform Versions
Cisco
Ata 192
All versions

Related CWEs

CWE-1284
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.