
Rewterz Threat Advisory – Multiple Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-20766 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by an out-of-bounds read flaw when processing Discovery Protocol packets. By sending specially crafted Discovery Protocol packets, a remote attacker could exploit this vulnerability to cause a service to restart, resulting in a denial of service condition.

CVE-2022-20691 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by improper length validation of certain Discovery Protocol packet header fields. By sending specially crafted Discovery Protocol packets, a remote attacker could exploit this vulnerability to cause the device to exhaust available memory, resulting in a denial of service condition.

CVE-2022-20690 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software could allow a remote attacker to execute arbitrary commands on the system, caused by improper length validation when processing Discovery Protocol messages. By sending a specially crafted Discovery Protocol packet, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2022-20689 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software could allow a remote attacker to execute arbitrary commands on the system, caused by improper length validation when processing Discovery Protocol messages. By sending a specially crafted Discovery Protocol packet, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2022-20688 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software could allow a remote attacker to execute arbitrary commands on the system, caused by improper length validation when processing Discovery Protocol messages. By sending a specially crafted Discovery Protocol packet, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2022-20687 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by a flaw in the Link Layer Discovery Protocol (LLDP) function. By sending a specially crafted LLDP packet, a remote attacker could exploit this vulnerability to cause LLDP to restart unexpectedly, resulting in a denial of service condition.

CVE-2022-20686 CVSS:5.3
Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by a flaw in the Link Layer Discovery Protocol (LLDP) function. By sending a specially crafted LLDP packet, a remote attacker could exploit this vulnerability to cause LLDP to restart unexpectedly, resulting in a denial of service condition.
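
The Discovery Protocol entries above attribute the flaws to improper length validation and an out-of-bounds read. As an added example (not code from this advisory or from Cisco), the sketch below shows the length checks a TLV parser needs, run over constructed packets. It assumes "Discovery Protocol" means Cisco Discovery Protocol with its publicly documented layout (4-byte header, then TLVs whose 2-byte length field includes the 4-byte TLV header); the function and constant names are hypothetical, and it does not reproduce the actual flaws, whose details the advisory does not give.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CDP_OK = 0, CDP_TRUNCATED = -1, CDP_BAD_TLV_LEN = -2 }; /* hypothetical names */
#define CDP_HDR_LEN 4u /* version(1) + TTL(1) + checksum(2) */
#define CDP_TLV_HDR 4u /* type(2) + length(2); length counts this header too */

/* Constructed sample payloads (checksum bytes are zero and not verified here). */
static const uint8_t pkt_ok[] = { 0x02, 0xb4, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x08, 'A', 'T', 'A', '1',   /* Device ID, length 8 */
    0x00, 0x05, 0x00, 0x06, 'v', '1' };           /* Software Version, length 6 */
static const uint8_t pkt_overlong[] = { 0x02, 0xb4, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x40, 'A', 'T' };           /* claims 64 bytes, 6 remain */
static const uint8_t pkt_short[] = { 0x02, 0xb4, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x02 };                     /* length smaller than header */
static const uint8_t pkt_cut[] = { 0x02, 0xb4, 0x00, 0x00, 0x00, 0x01 };

/* Walk all TLVs, reading only bytes already proven in range.
 * Stores the TLV count in *count on success (count may be NULL). */
int cdp_validate(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = CDP_HDR_LEN, n = 0;
    if (buf == NULL || len < CDP_HDR_LEN)
        return CDP_TRUNCATED;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < CDP_TLV_HDR)
            return CDP_TRUNCATED;       /* no room for a TLV header */
        size_t tlv_len = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (tlv_len < CDP_TLV_HDR)
            return CDP_BAD_TLV_LEN;     /* value size would underflow; loop would not advance */
        if (tlv_len > remaining)
            return CDP_BAD_TLV_LEN;     /* declared length runs past the packet */
        off += tlv_len;
        n++;
    }
    if (count != NULL)
        *count = n;
    return CDP_OK;
}

int main(void)
{
    size_t n = 0;
    printf("ok=%d ", cdp_validate(pkt_ok, sizeof pkt_ok, &n));
    printf("tlvs=%zu overlong=%d short=%d cut=%d\n", n,
           cdp_validate(pkt_overlong, sizeof pkt_overlong, NULL),
           cdp_validate(pkt_short, sizeof pkt_short, NULL),
           cdp_validate(pkt_cut, sizeof pkt_cut, NULL));
    return 0;
}
```

Both length checks are needed: the upper bound stops reads past the end of the packet, and the lower bound stops a zero or undersized length from stalling the loop or underflowing the value size.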

Impact

  • Denial of Service
  • Command Execution

Indicators Of Compromise

CVE

  • CVE-2022-20766
  • CVE-2022-20691
  • CVE-2022-20690
  • CVE-2022-20689
  • CVE-2022-20688
  • CVE-2022-20687
  • CVE-2022-20686

Affected Vendors

Cisco

Affected Products

  • Cisco ATA 190 Series Multiplatform (MPP) Software
  • Cisco ATA 190 (On-premises only)
  • Cisco ATA 191 (On-premises or Multiplatform)
  • Cisco ATA 192 (Multiplatform only)
  • Cisco ATA 190 Series On-Premises Software

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information. 
Cisco Security Advisory