

Rewterz Threat Update – Microsoft Updates Mitigation for Exchange Server Zero-Days
October 7, 2022
Rewterz Threat Advisory – ICS: Hitachi Storage Plug-in for VMware vCenter Vulnerability
October 7, 2022
Severity
Medium
Analysis Summary
CVE-2022-20766 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by an out-of-bounds read flaw when processing Discovery Protocol packets. By sending specially crafted Discovery Protocol packets, a remote attacker could exploit this vulnerability to cause a service to restart, resulting in a denial of service condition.
CVE-2022-20691 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by improper length validation of certain Discovery Protocol packet header fields. By sending specially crafted Discovery Protocol packets, a remote attacker could exploit this vulnerability to cause the device to exhaust available memory, resulting in a denial of service condition.
CVE-2022-20690 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software could allow a remote attacker to execute arbitrary commands on the system, caused by improper length validation when processing Discovery Protocol messages. By sending a specially crafted Discovery Protocol packet, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-20689 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software could allow a remote attacker to execute arbitrary commands on the system, caused by improper length validation when processing Discovery Protocol messages. By sending a specially crafted Discovery Protocol packet, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-20688 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software could allow a remote attacker to execute arbitrary commands on the system, caused by improper length validation when processing Discovery Protocol messages. By sending a specially crafted Discovery Protocol packet, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-20687 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by a flaw in the Link Layer Discovery Protocol (LLDP) function. By sending a specially crafted LLDP packet, a remote attacker could exploit this vulnerability to cause LLDP to restart unexpectedly, resulting in a denial of service condition.
CVE-2022-20686 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by a flaw in the Link Layer Discovery Protocol (LLDP) function. By sending a specially crafted LLDP packet, a remote attacker could exploit this vulnerability to cause LLDP to restart unexpectedly, resulting in a denial of service condition.
Impact
- Denial of Service
- Command Execution
Indicators Of Compromise
CVE
- CVE-2022-20766
- CVE-2022-20691
- CVE-2022-20690
- CVE-2022-20689
- CVE-2022-20688
- CVE-2022-20687
- CVE-2022-20686
Affected Vendors
Cisco
Affected Products
- Cisco ATA 190 Series Multiplatform (MPP) Software
- Cisco ATA 190 (On-premises only)
- Cisco ATA 191 (On-premises or Multiplatform)
- Cisco ATA 192 (Multiplatform only)
- Cisco ATA 190 Series On-Premises Software
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.
Cisco Security Advisory