Cisco ATA 190 Series Adaptive Telephone Adapter Vulnerability to Cause Denial of Service

CVE-2022-20766

5.3MEDIUM

Key Information

Vendor
Cisco
Status
Cisco Analog Telephone Adaptor (ata) Software
Vendor
CVE Published:
15 November 2024

Summary

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Version(s)

Cisco Analog Telephone Adaptor (ATA) Software = 2.16(1)

Cisco Analog Telephone Adaptor (ATA) Software = 2.16(2)

Cisco Analog Telephone Adaptor (ATA) Software = 2.1(6)

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.