Details of VAR-202210-0130

ID

VAR-202210-0130

CVE

CVE-2022-20690

TITLE

Vulnerability in multiple Cisco Systems products related to improper validation of quantities specified in inputs

Trust: 0.8

sources: JVNDB: JVNDB-2022-023363

DESCRIPTION

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device. Cisco Systems Cisco ATA 190 firmware, Cisco ATA 191 firmware, Cisco ATA 192 A vulnerability exists in the firmware related to improper validation of quantities specified in input.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ATA 190, ATA 191, ATA 192 is a Cisco ATA 190 series analog telephone adapter

Trust: 2.25

sources: NVD: CVE-2022-20690 // JVNDB: JVNDB-2022-023363 // CNVD: CNVD-2022-88177 // VULMON: CVE-2022-20690

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-88177

AFFECTED PRODUCTS

vendor:	cisco	model:	ata 190	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ata 191	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	cisco	model:	ata 191	scope:	lt	version:	11.2.2	Trust: 1.0
vendor:	cisco	model:	ata 191	scope:	lt	version:	12.0.1	Trust: 1.0
vendor:	cisco	model:	ata 192	scope:	lt	version:	11.2.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ata 190	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ata 191	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ata 192	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ata	scope:	eq	version:	190	Trust: 0.6
vendor:	cisco	model:	ata	scope:	eq	version:	191	Trust: 0.6
vendor:	cisco	model:	ata	scope:	eq	version:	192	Trust: 0.6

sources: CNVD: CNVD-2022-88177 // JVNDB: JVNDB-2022-023363 // NVD: CVE-2022-20690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20690
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20690
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20690
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-88177
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202210-139
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-88177
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-20690
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20690
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20690
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-88177 // JVNDB: JVNDB-2022-023363 // CNNVD: CNNVD-202210-139 // NVD: CVE-2022-20690 // NVD: CVE-2022-20690

PROBLEMTYPE DATA

problemtype:	CWE-130	Trust: 1.0
problemtype:	CWE-1284	Trust: 1.0
problemtype:	Improper validation of quantity specified in input (CWE-1284) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023363 // NVD: CVE-2022-20690

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202210-139

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-139

PATCH

title:	cisco-sa-ata19x-multivuln-GEZYVvs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs	Trust: 0.8
title:	Patch for Cisco ATA 190 Series Protocol Message Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/372441	Trust: 0.6
title:	Cisco ATA 190 Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=217649	Trust: 0.6
title:	Cisco: Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ata19x-multivuln-GEZYVvs	Trust: 0.1

sources: CNVD: CNVD-2022-88177 // VULMON: CVE-2022-20690 // JVNDB: JVNDB-2022-023363 // CNNVD: CNNVD-202210-139

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20690	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-023363	Trust: 0.8
db:	CNVD	id:	CNVD-2022-88177	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-139	Trust: 0.6
db:	VULMON	id:	CVE-2022-20690	Trust: 0.1

sources: CNVD: CNVD-2022-88177 // VULMON: CVE-2022-20690 // JVNDB: JVNDB-2022-023363 // CNNVD: CNNVD-202210-139 // NVD: CVE-2022-20690

REFERENCES

url:	https://vigilance.fr/vulnerability/cisco-ata-190-seven-vulnerabilities-39476	Trust: 1.2
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ata19x-multivuln-gezyvvs	Trust: 1.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ata19x-multivuln-gezyvvs	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20690	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20690/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-88177 // VULMON: CVE-2022-20690 // JVNDB: JVNDB-2022-023363 // CNNVD: CNNVD-202210-139 // NVD: CVE-2022-20690

SOURCES

db:	CNVD	id:	CNVD-2022-88177
db:	VULMON	id:	CVE-2022-20690
db:	JVNDB	id:	JVNDB-2022-023363
db:	CNNVD	id:	CNNVD-202210-139
db:	NVD	id:	CVE-2022-20690

LAST UPDATE DATE

2024-08-14T14:02:20.658000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-88177	date:	2022-12-18T00:00:00
db:	VULMON	id:	CVE-2022-20690	date:	2022-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-023363	date:	2023-11-28T07:44:00
db:	CNNVD	id:	CNNVD-202210-139	date:	2022-12-16T00:00:00
db:	NVD	id:	CVE-2022-20690	date:	2024-01-25T17:15:14.797

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-88177	date:	2022-10-05T00:00:00
db:	VULMON	id:	CVE-2022-20690	date:	2022-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-023363	date:	2023-11-28T00:00:00
db:	CNNVD	id:	CNNVD-202210-139	date:	2022-10-05T00:00:00
db:	NVD	id:	CVE-2022-20690	date:	2022-12-12T09:15:12.477