CVE-2022-20686
Last modified
CVE-2022-20686 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. EPSS estimates a 0.93% chance of exploitation in the next 30 days.
Description
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ata 190 Firmware | All versions |
| Cisco | Ata 191 Firmware | < 11.2.2 |
| Cisco | Ata 191 Firmware | < 12.0.1 |
| Cisco | Ata 191 Firmware | 12.0.1 |
| Cisco | Ata 192 Firmware | < 11.2.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-20686?
How severe is CVE-2022-20686?
How do I fix CVE-2022-20686?
Are you affected by CVE-2022-20686?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST