CVE-2022-20686

CWE-130CWE-1284CWE-120Classic Buffer OverflowCWE-125Out-of-bounds ReadCWE-400Uncontrolled Resource ConsumptionCWE-94Code Injection4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.8%
top 25.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ATA 191 FirmwareCisco ATA 192 FirmwareCisco Cisco Analog Telephone Adaptor (ata) Software
Timeline
PublishedDec 12

Description

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDcisco/ata_191_firmware< 11.2.2+2

🔴Vulnerability Details

2
GHSA
GHSA-gx9f-qvh7-6mrg: Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could all2022-12-12
CVEList
CVE-2022-20686: Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could all2022-12-07

📋Vendor Advisories

1
Cisco
Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities2022-10-05
CVE-2022-20686 (MEDIUM CVSS 5.3) | Multiple vulnerabilities in the Lin | cvebase.io