ID

VAR-202210-0441


CVE

CVE-2022-20688


TITLE

Vulnerability in multiple Cisco Systems products related to improper validation of quantities specified in inputs

Trust: 0.8

sources: JVNDB: JVNDB-2022-023357

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition. Cisco Systems Cisco ATA 190, Cisco ATA 191 and Cisco ATA 192 firmware contains a vulnerability related to improper validation of quantities specified in input. The affected device may be left in a service operation interruption (DoS) state. ATA 190, ATA 191 and ATA 192 are Cisco ATA 190 series analog telephone adapters.

Trust: 2.25

sources: NVD: CVE-2022-20688 // JVNDB: JVNDB-2022-023357 // CNVD: CNVD-2022-88176 // VULMON: CVE-2022-20688

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-88176

AFFECTED PRODUCTS

vendor: cisco, model: ata 190, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: ata 191, scope: eq, version: 12.0.1

Trust: 1.0

vendor: cisco, model: ata 191, scope: lt, version: 11.2.2

Trust: 1.0

vendor: cisco, model: ata 191, scope: lt, version: 12.0.1

Trust: 1.0

vendor: cisco, model: ata 192, scope: lt, version: 11.2.2

Trust: 1.0

vendor: Cisco Systems, model: cisco ata 190, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ata 191, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ata 192, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ata, scope: eq, version: 190

Trust: 0.6

vendor: cisco, model: ata, scope: eq, version: 191

Trust: 0.6

vendor: cisco, model: ata, scope: eq, version: 192

Trust: 0.6

sources: CNVD: CNVD-2022-88176 // JVNDB: JVNDB-2022-023357 // NVD: CVE-2022-20688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20688
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20688
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20688
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-88176
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202210-141
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-88176
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-20688
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-20688
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-88176 // JVNDB: JVNDB-2022-023357 // CNNVD: CNNVD-202210-141 // NVD: CVE-2022-20688 // NVD: CVE-2022-20688

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.0

problemtype: CWE-1284

Trust: 1.0

problemtype: Improper validation of quantity specified in input (CWE-1284) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023357 // NVD: CVE-2022-20688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-141

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-141

PATCH

title: cisco-sa-ata19x-multivuln-GEZYVvs
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs

Trust: 0.8

title: Patch for Cisco ATA 190 Series Protocol Packet Input Validation Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/372436

Trust: 0.6

title: Cisco ATA 190 Enter the fix for the verification error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=217651

Trust: 0.6

title: Cisco: Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ata19x-multivuln-GEZYVvs

Trust: 0.1

sources: CNVD: CNVD-2022-88176 // VULMON: CVE-2022-20688 // JVNDB: JVNDB-2022-023357 // CNNVD: CNNVD-202210-141

EXTERNAL IDS

db: NVD, id: CVE-2022-20688

Trust: 3.9

db: JVNDB, id: JVNDB-2022-023357

Trust: 0.8

db: CNVD, id: CNVD-2022-88176

Trust: 0.6

db: CNNVD, id: CNNVD-202210-141

Trust: 0.6

db: VULMON, id: CVE-2022-20688

Trust: 0.1

sources: CNVD: CNVD-2022-88176 // VULMON: CVE-2022-20688 // JVNDB: JVNDB-2022-023357 // CNNVD: CNNVD-202210-141 // NVD: CVE-2022-20688

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ata19x-multivuln-gezyvvs

Trust: 2.0

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ata19x-multivuln-gezyvvs

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-20688

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ata-190-seven-vulnerabilities-39476

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20688/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-88176 // VULMON: CVE-2022-20688 // JVNDB: JVNDB-2022-023357 // CNNVD: CNNVD-202210-141 // NVD: CVE-2022-20688

SOURCES

db: CNVD, id: CNVD-2022-88176
db: VULMON, id: CVE-2022-20688
db: JVNDB, id: JVNDB-2022-023357
db: CNNVD, id: CNNVD-202210-141
db: NVD, id: CVE-2022-20688

LAST UPDATE DATE

2024-08-14T14:43:41.230000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-88176, date: 2022-12-18T00:00:00
db: VULMON, id: CVE-2022-20688, date: 2022-12-12T00:00:00
db: JVNDB, id: JVNDB-2022-023357, date: 2023-11-28T07:43:00
db: CNNVD, id: CNNVD-202210-141, date: 2022-12-16T00:00:00
db: NVD, id: CVE-2022-20688, date: 2024-01-25T17:15:14.540

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-88176, date: 2022-12-16T00:00:00
db: VULMON, id: CVE-2022-20688, date: 2022-12-12T00:00:00
db: JVNDB, id: JVNDB-2022-023357, date: 2023-11-28T00:00:00
db: CNNVD, id: CNNVD-202210-141, date: 2022-10-05T00:00:00
db: NVD, id: CVE-2022-20688, date: 2022-12-12T09:15:12.347