CVE-2022-20766

Severity CVSS v4.0:

Pending analysis

Type:

CWE-125 Out-of-bounds Read

Publication date:

15/11/2024

Last modified:

18/11/2024

Description

A vulnerability in the Cisco&nbsp;Discovery Protocol functionality of Cisco&nbsp;ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.<br /> This vulnerability is due to an out-of-bounds read when processing Cisco&nbsp;Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco&nbsp;Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco&nbsp;has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

Base Score 3.x

5.30

Severity 3.x

MEDIUM

References to Advisories, Solutions, and Tools

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs