Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2022-20686 CVE-2022-20687 CVE-2022-20688 CVE-2022-20689 CVE-2022-20690 CVE-2022-20691 CVE-2022-20766 |
CWE-ID | CWE-400 CWE-20 CWE-125 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
ATA 190 Analog Telephone Adapter: Hardware solutions / Routers & switches, VoIP, GSM, etc
ATA 191 Analog Telephone Adapter: Hardware solutions / Routers & switches, VoIP, GSM, etc
ATA 192 Multiplatform Analog Telephone Adapter: Hardware solutions / Routers & switches, VoIP, GSM, etc
ATA 191 Multiplatform Analog Telephone Adapter: Hardware solutions / Routers & switches, VoIP, GSM, etc |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU67960
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20686
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in the Link Layer Discovery Protocol (LLDP) functionality. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
ATA 190 Analog Telephone Adapter: All versions
ATA 191 Analog Telephone Adapter: 12.0(1)SR4
ATA 192 Multiplatform Analog Telephone Adapter: 11.2.1
ATA 191 Multiplatform Analog Telephone Adapter: 11.2.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67961
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20687
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in the Link Layer Discovery Protocol (LLDP) functionality. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
ATA 190 Analog Telephone Adapter: All versions
ATA 191 Analog Telephone Adapter: 12.0(1)SR4
ATA 192 Multiplatform Analog Telephone Adapter: 11.2.1
ATA 191 Multiplatform Analog Telephone Adapter: 11.2.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67962
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20688
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing length validation of certain Cisco Discovery Protocol packet header fields. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
ATA 190 Analog Telephone Adapter: All versions
ATA 191 Analog Telephone Adapter: 12.0(1)SR4
ATA 192 Multiplatform Analog Telephone Adapter: 11.2.1
ATA 191 Multiplatform Analog Telephone Adapter: 11.2.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67963
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20689
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary condition in the Cisco Discovery Protocol functionality. A remote attacker can cause corruption in the internal Cisco Discovery Protocol database of the target device.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
ATA 190 Analog Telephone Adapter: All versions
ATA 191 Analog Telephone Adapter: 12.0(1)SR4
ATA 192 Multiplatform Analog Telephone Adapter: 11.2.1
ATA 191 Multiplatform Analog Telephone Adapter: 11.2.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67964
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20690
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary condition in the Cisco Discovery Protocol functionality. A remote attacker can cause corruption in the internal Cisco Discovery Protocol database of the target device.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
ATA 190 Analog Telephone Adapter: All versions
ATA 191 Analog Telephone Adapter: 12.0(1)SR4
ATA 192 Multiplatform Analog Telephone Adapter: 11.2.1
ATA 191 Multiplatform Analog Telephone Adapter: 11.2.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67965
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20691
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing length validation of certain Cisco Discovery Protocol packet header fields. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
ATA 190 Analog Telephone Adapter: All versions
ATA 191 Analog Telephone Adapter: 12.0(1)SR4
ATA 192 Multiplatform Analog Telephone Adapter: 11.2.1
ATA 191 Multiplatform Analog Telephone Adapter: 11.2.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67966
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the Cisco Discovery Protocol functionality. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
ATA 190 Analog Telephone Adapter: All versions
ATA 191 Analog Telephone Adapter: 12.0(1)SR4
ATA 192 Multiplatform Analog Telephone Adapter: 11.2.1
ATA 191 Multiplatform Analog Telephone Adapter: 11.2.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.