Cisco ATA 190 Series Adaptive Telephone Adapter Vulnerability to Cause Denial of Service
CVE-2022-20766

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Analog Telephone Adaptor (ata) Software
Vendor: CVE Published:; 15 November 2024

Summary

A vulnerability exists within the Cisco Discovery Protocol functionality of the Cisco ATA 190 Series Adaptive Telephone Adapter firmware. This issue permits unauthenticated, remote attackers to trigger a denial of service condition on the affected devices. The flaw originates from an out-of-bounds read when processing specially crafted Cisco Discovery Protocol packets. An attacker can exploit this weakness by sending these malicious packets, potentially leading to a service restart. Cisco has issued firmware updates to mitigate this vulnerability, and no workarounds are available to address the issue.

Affected Version(s)

Cisco Analog Telephone Adaptor (ATA) Software 2.16(1)

Cisco Analog Telephone Adaptor (ATA) Software 2.16(2)

Cisco Analog Telephone Adaptor (ATA) Software 2.1(6)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021