Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-20691

Опубликовано: 12 дек. 2022
Источник: nvd
CVSS3: 5.3
CVSS3: 6.5
EPSS Низкий

Описание

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:ata_190_firmware:-:*:*:*:on-premises:*:*:*
cpe:2.3:h:cisco:ata_190:-:*:*:*:on-premises:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:multiplatform:*:*:*
Версия до 11.2.2 (исключая)
cpe:2.3:h:cisco:ata_191:-:*:*:*:multiplatform:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:cisco:ata_191_firmware:*:*:*:*:on-premises:*:*:*
Версия до 12.0.1 (исключая)
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:-:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr1:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr2:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr3:*:*:on-premises:*:*:*
cpe:2.3:o:cisco:ata_191_firmware:12.0.1:sr4:*:*:on-premises:*:*:*
cpe:2.3:h:cisco:ata_191:-:*:*:*:on-premises:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:ata_192_firmware:*:*:*:*:multiplatform:*:*:*
Версия до 11.2.2 (исключая)
cpe:2.3:h:cisco:ata_192:-:*:*:*:multiplatform:*:*:*

EPSS

Процентиль: 67%
0.00542
Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400
CWE-1284

Связанные уязвимости

github логотип

GHSA-3f75-4wmv-vpf2

CVSS3: 6.5
github
около 3 лет назад

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.

fstec логотип

BDU:2022-06584

CVSS3: 5.3
fstec
больше 3 лет назад

Уязвимость реализации протокола Cisco Discovery Protocol микропрограммного обеспечения устройств IP-телефонии Cisco Analog Telephone Adapter (ATA) серии 190, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 67%
0.00542
Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400
CWE-1284