CVE-2022-20686

Name of the Vulnerable Software and Affected Versions Cisco ATA 190 Series Analog Telephone Adapter (affected versions not specified)

Description The issue is related to the implementation of the Link Layer Discovery Protocol (LLDP) functionality in the firmware of Cisco Analog Telephone Adapter (ATA) series 190 devices. It is caused by missing length validation of certain LLDP packet header fields. An attacker could exploit this by sending a malicious LLDP packet to an affected device, potentially allowing them to execute arbitrary code on the device and cause the LLDP service to restart, resulting in a denial of service (DoS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.