CVE-2022-20689

Name of the Vulnerable Software and Affected Versions Cisco ATA 190 Series Analog Telephone Adapter (affected versions not specified)

Description The issue is related to the implementation of the Cisco Discovery Protocol in the firmware of Cisco Analog Telephone Adapter (ATA) series 190 devices. It is caused by a lack of input data validation, which could allow a remote attacker to impact the integrity of protected information. The vulnerability is due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit this by sending a malicious Cisco Discovery Protocol packet to an affected device, potentially causing an out-of-bounds read of valid packet data and leading to corruption in the internal Cisco Discovery Protocol database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.