CVE-2022-20686

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:ata_190_firmware:-:*:*:*:on-premises:*:*:*
cpe:2.3:h:cisco:ata_190:-:*:*:*:on-premises:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:multiplatform:*:*:*
cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:-:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr1:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr2:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr3:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr4:*:*:on-premises:*:*:*
cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:multiplatform:*:*:*
cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:*

History

25 Jan 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs', 'name': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs -

07 Nov 2023, 03:42

Type Values Removed Values Added
Summary Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition. Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-94 CWE-1284

Information

Published : 2022-12-12 09:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-20686

Mitre link : CVE-2022-20686

CVE.ORG link : CVE-2022-20686


JSON object : View

Products Affected

cisco

  • ata_191_firmware
  • ata_190_firmware
  • ata_190
  • ata_192
  • ata_191
  • ata_192_firmware
CWE
CWE-1284

Improper Validation of Specified Quantity in Input

CWE-130

Improper Handling of Length Parameter Inconsistency