Cisco ATA 190 Series Adaptive Telephone Adapter Vulnerability to Cause Denial of Service

CVE-2022-20766

5.3MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Analog Telephone Adaptor (ata) Software
Vendor: CVE Published:; 15 November 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Version(s)

Cisco Analog Telephone Adaptor (ATA) Software = 2.16(1)

Cisco Analog Telephone Adaptor (ATA) Software = 2.16(2)

Cisco Analog Telephone Adaptor (ATA) Software = 2.1(6)

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 15, 2024
Vulnerability Reserved.
Nov 2, 2021
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database