PT-2022-6066 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Qian Chen
·
Published
2022-10-05
·
Updated
2024-01-25
·
CVE-2022-20688
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Cisco ATA 190 Series Analog Telephone Adapter (affected versions not specified)
Description
A vulnerability in the Cisco Discovery Protocol functionality could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the Cisco Discovery Protocol service to restart. This issue is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this by sending a malicious Cisco Discovery Protocol packet to an affected device, potentially allowing the attacker to execute code and cause the service to restart unexpectedly, resulting in a denial of service condition.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Ata 190 Series Analog Telephone Adapter