Details of VAR-202210-0129

ID

VAR-202210-0129

CVE

CVE-2022-20687

TITLE

Vulnerability in multiple Cisco Systems products related to improper validation of quantities specified in inputs

Trust: 0.8

sources: JVNDB: JVNDB-2022-023358

DESCRIPTION

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition. Cisco Systems Cisco ATA 190 firmware, Cisco ATA 191 firmware, Cisco ATA 192 A vulnerability exists in the firmware related to improper validation of quantities specified in input.Service operation interruption (DoS) It may be in a state. Cisco ATA 190 is an analog telephone adapter of Cisco (Cisco)

Trust: 2.25

sources: NVD: CVE-2022-20687 // JVNDB: JVNDB-2022-023358 // CNVD: CNVD-2022-87600 // VULMON: CVE-2022-20687

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-87600

AFFECTED PRODUCTS

vendor:	cisco	model:	ata 190	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ata 191	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	cisco	model:	ata 191	scope:	lt	version:	11.2.2	Trust: 1.0
vendor:	cisco	model:	ata 191	scope:	lt	version:	12.0.1	Trust: 1.0
vendor:	cisco	model:	ata 192	scope:	lt	version:	11.2.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ata 190	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ata 191	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ata 192	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ata	scope:	eq	version:	190	Trust: 0.6

sources: CNVD: CNVD-2022-87600 // JVNDB: JVNDB-2022-023358 // NVD: CVE-2022-20687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20687
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20687
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20687
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-87600
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202210-144
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-87600
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-20687
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20687
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-87600 // JVNDB: JVNDB-2022-023358 // CNNVD: CNNVD-202210-144 // NVD: CVE-2022-20687 // NVD: CVE-2022-20687

PROBLEMTYPE DATA

problemtype:	CWE-1284	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Improper validation of quantity specified in input (CWE-1284) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023358 // NVD: CVE-2022-20687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-144

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-144

PATCH

title:	cisco-sa-ata19x-multivuln-GEZYVvs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs	Trust: 0.8
title:	Patch for Cisco ATA 190 LLDP Packet Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/371451	Trust: 0.6
title:	Cisco ATA 190 Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=217652	Trust: 0.6
title:	Cisco: Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ata19x-multivuln-GEZYVvs	Trust: 0.1

sources: CNVD: CNVD-2022-87600 // VULMON: CVE-2022-20687 // JVNDB: JVNDB-2022-023358 // CNNVD: CNNVD-202210-144

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20687	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-023358	Trust: 0.8
db:	CNVD	id:	CNVD-2022-87600	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-144	Trust: 0.6
db:	VULMON	id:	CVE-2022-20687	Trust: 0.1

sources: CNVD: CNVD-2022-87600 // VULMON: CVE-2022-20687 // JVNDB: JVNDB-2022-023358 // CNNVD: CNNVD-202210-144 // NVD: CVE-2022-20687

REFERENCES

url:	https://vigilance.fr/vulnerability/cisco-ata-190-seven-vulnerabilities-39476	Trust: 1.2
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ata19x-multivuln-gezyvvs	Trust: 1.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ata19x-multivuln-gezyvvs	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20687	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20687/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-87600 // VULMON: CVE-2022-20687 // JVNDB: JVNDB-2022-023358 // CNNVD: CNNVD-202210-144 // NVD: CVE-2022-20687

SOURCES

db:	CNVD	id:	CNVD-2022-87600
db:	VULMON	id:	CVE-2022-20687
db:	JVNDB	id:	JVNDB-2022-023358
db:	CNNVD	id:	CNNVD-202210-144
db:	NVD	id:	CVE-2022-20687

LAST UPDATE DATE

2024-08-14T15:16:28.447000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-87600	date:	2022-12-14T00:00:00
db:	VULMON	id:	CVE-2022-20687	date:	2022-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-023358	date:	2023-11-28T07:43:00
db:	CNNVD	id:	CNNVD-202210-144	date:	2022-12-16T00:00:00
db:	NVD	id:	CVE-2022-20687	date:	2024-01-25T17:15:14.410

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-87600	date:	2022-12-14T00:00:00
db:	VULMON	id:	CVE-2022-20687	date:	2022-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-023358	date:	2023-11-28T00:00:00
db:	CNNVD	id:	CNNVD-202210-144	date:	2022-10-05T00:00:00
db:	NVD	id:	CVE-2022-20687	date:	2022-12-12T09:15:12.280