CVE-2022-20766

MEDIUM

Cisco ATA 190 Series - DoS

Title source: llm

Description

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

References (1)

Core 1

Core References

Various Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs

Scores

CVSS v3 5.3

EPSS 0.0028

EPSS Percentile 51.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (38)

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.0(0)

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.1(4)

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.1.0

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.1.1

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.1.2

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.2.1

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.2.2

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.2.2 SR1

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.2.2 SR2

Cisco/Cisco Analog Telephone Adaptor (ATA) Software 1.34

... and 28 more

Published Nov 15, 2024

Tracked Since Feb 18, 2026