CVE-2022-20687

Name of the Vulnerable Software and Affected Versions Cisco ATA 190 Series Analog Telephone Adapter (affected versions not specified)

Description The issue is related to the Link Layer Discovery Protocol (LLDP) functionality and Cisco Discovery Protocol implementation in the firmware of Cisco Analog Telephone Adapter (ATA) series 190 devices. It is caused by missing length validation of certain LLDP packet header fields and a buffer overflow read in memory. An unauthenticated, remote attacker could exploit this by sending a malicious LLDP packet to an affected device, potentially allowing the execution of arbitrary code on the device and causing the LLDP service to restart unexpectedly. This could result in a denial of service (DoS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.