CVE-2022-20766
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 2.16(1) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 2.16(2) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 2.1(6) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 2.14 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.2(0) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.1(4) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 2.1(5) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.2(1) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 2.15 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.0(0) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.34 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.1(1) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.2(4) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.0(0) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.2(3) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.1(0) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 3.1(2) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.2.1 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.2.2 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.2.2 SR1 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.1.2 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.1.0 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.1.1 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 9.0(3) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 9.2(3) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 9.2(1) | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 12.0.1 SR2 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 11.1.0 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 12.0.1 SR1 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 11.1.0 MSR1 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 12.0.1 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 11.1.0 MSR2 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 11.1.0 MSR3 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 1.2.2 SR2 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 11.1.0 MSR4 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 12.0.1 SR3 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 11.2.1 | affected |
| Cisco | Cisco Analog Telephone Adaptor (ATA) Software | 12.0.1 SR4 | affected |
Weaknesses
- CWE-125: Out-of-bounds Read
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.