Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for ata_190_firmware by cisco

    CVE-2022-20691 (GCVE-0-2022-20691)

    Vulnerability from nvd – Published: 2022-12-07 16:56 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1(4)
    Affected: 1.1.2
    Affected: 2.1(6)
    Affected: 2.1(5)
    Affected: 2.16(2)
    Affected: 2.16(1)
    Affected: 3.2(0)
    Affected: 3.2(4)
    Affected: 3.2(3)
    Affected: 3.2(1)
    Affected: 2.15
    Affected: 2.14
    Affected: 1.34
    Affected: 1.0(0)
    Affected: 3.1(1)
    Affected: 3.1(0)
    Affected: 3.1(2)
    Affected: 3.0(0)
    Affected: 9.2(3)
    Affected: 9.2(1)
    Affected: 9.0(3)
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1(4)"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "2.1(6)"
                },
                {
                  "status": "affected",
                  "version": "2.1(5)"
                },
                {
                  "status": "affected",
                  "version": "2.16(2)"
                },
                {
                  "status": "affected",
                  "version": "2.16(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(0)"
                },
                {
                  "status": "affected",
                  "version": "3.2(4)"
                },
                {
                  "status": "affected",
                  "version": "3.2(3)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.15"
                },
                {
                  "status": "affected",
                  "version": "2.14"
                },
                {
                  "status": "affected",
                  "version": "1.34"
                },
                {
                  "status": "affected",
                  "version": "1.0(0)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.1(0)"
                },
                {
                  "status": "affected",
                  "version": "3.1(2)"
                },
                {
                  "status": "affected",
                  "version": "3.0(0)"
                },
                {
                  "status": "affected",
                  "version": "9.2(3)"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device.\r\n This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart.\r\n Cisco has released firmware updates that address this vulnerability.  \r\n"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:06.431Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCwa24837",
              "CSCwa24842"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20691",
        "datePublished": "2022-12-07T16:56:12.208Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.194Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20690 (GCVE-0-2022-20690)

    Vulnerability from nvd – Published: 2022-12-07 16:56 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.\r\n These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:06.109Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20690",
        "datePublished": "2022-12-07T16:56:01.303Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.199Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20689 (GCVE-0-2022-20689)

    Vulnerability from nvd – Published: 2022-12-07 16:54 – Updated: 2024-11-01 18:48
    VLAI
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:43:44.616382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:48:47.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.\r\n These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:05.802Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20689",
        "datePublished": "2022-12-07T16:54:44.983Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-11-01T18:48:47.416Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20688 (GCVE-0-2022-20688)

    Vulnerability from nvd – Published: 2022-12-07 16:54 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart.\r\n This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:05.437Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20688",
        "datePublished": "2022-12-07T16:54:29.260Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.195Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20687 (GCVE-0-2022-20687)

    Vulnerability from nvd – Published: 2022-12-07 16:53 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.\r\n These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:05.118Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20687",
        "datePublished": "2022-12-07T16:53:31.642Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.030Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20686 (GCVE-0-2022-20686)

    Vulnerability from nvd – Published: 2022-12-07 16:53 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.\r\n These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:04.808Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20686",
        "datePublished": "2022-12-07T16:53:06.603Z",
        "dateReserved": "2021-11-02T13:28:29.055Z",
        "dateUpdated": "2024-08-03T02:17:53.079Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34735 (GCVE-0-2021-34735)

    Vulnerability from nvd – Published: 2021-10-06 19:46 – Updated: 2024-11-07 21:48
    VLAI
    Title
    Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34735",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:42:56.001211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:48:32.303Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-06T19:46:26.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
            "defect": [
              [
                "CSCvw22570",
                "CSCvw25739",
                "CSCvw25740",
                "CSCvx48193"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-10-06T16:00:00",
              "ID": "CVE-2021-34735",
              "STATE": "PUBLIC",
              "TITLE": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Analog Telephone Adaptor (ATA) Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-770"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
              "defect": [
                [
                  "CSCvw22570",
                  "CSCvw25739",
                  "CSCvw25740",
                  "CSCvx48193"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34735",
        "datePublished": "2021-10-06T19:46:26.847Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:48:32.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34710 (GCVE-0-2021-34710)

    Vulnerability from nvd – Published: 2021-10-06 19:46 – Updated: 2024-11-07 21:48
    VLAI
    Title
    Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:42:54.635734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:48:18.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-06T19:46:37.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
            "defect": [
              [
                "CSCvw22570",
                "CSCvw25739",
                "CSCvw25740",
                "CSCvx48193"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-10-06T16:00:00",
              "ID": "CVE-2021-34710",
              "STATE": "PUBLIC",
              "TITLE": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Analog Telephone Adaptor (ATA) Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-770"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
              "defect": [
                [
                  "CSCvw22570",
                  "CSCvw25739",
                  "CSCvw25740",
                  "CSCvx48193"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34710",
        "datePublished": "2021-10-06T19:46:37.306Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:48:18.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20691 (GCVE-0-2022-20691)

    Vulnerability from cvelistv5 – Published: 2022-12-07 16:56 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1(4)
    Affected: 1.1.2
    Affected: 2.1(6)
    Affected: 2.1(5)
    Affected: 2.16(2)
    Affected: 2.16(1)
    Affected: 3.2(0)
    Affected: 3.2(4)
    Affected: 3.2(3)
    Affected: 3.2(1)
    Affected: 2.15
    Affected: 2.14
    Affected: 1.34
    Affected: 1.0(0)
    Affected: 3.1(1)
    Affected: 3.1(0)
    Affected: 3.1(2)
    Affected: 3.0(0)
    Affected: 9.2(3)
    Affected: 9.2(1)
    Affected: 9.0(3)
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1(4)"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "2.1(6)"
                },
                {
                  "status": "affected",
                  "version": "2.1(5)"
                },
                {
                  "status": "affected",
                  "version": "2.16(2)"
                },
                {
                  "status": "affected",
                  "version": "2.16(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(0)"
                },
                {
                  "status": "affected",
                  "version": "3.2(4)"
                },
                {
                  "status": "affected",
                  "version": "3.2(3)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.15"
                },
                {
                  "status": "affected",
                  "version": "2.14"
                },
                {
                  "status": "affected",
                  "version": "1.34"
                },
                {
                  "status": "affected",
                  "version": "1.0(0)"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.1(0)"
                },
                {
                  "status": "affected",
                  "version": "3.1(2)"
                },
                {
                  "status": "affected",
                  "version": "3.0(0)"
                },
                {
                  "status": "affected",
                  "version": "9.2(3)"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device.\r\n This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart.\r\n Cisco has released firmware updates that address this vulnerability.  \r\n"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:06.431Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCwa24837",
              "CSCwa24842"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20691",
        "datePublished": "2022-12-07T16:56:12.208Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.194Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20690 (GCVE-0-2022-20690)

    Vulnerability from cvelistv5 – Published: 2022-12-07 16:56 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.\r\n These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:06.109Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20690",
        "datePublished": "2022-12-07T16:56:01.303Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.199Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20689 (GCVE-0-2022-20689)

    Vulnerability from cvelistv5 – Published: 2022-12-07 16:54 – Updated: 2024-11-01 18:48
    VLAI
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:43:44.616382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:48:47.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.\r\n These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:05.802Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20689",
        "datePublished": "2022-12-07T16:54:44.983Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-11-01T18:48:47.416Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20688 (GCVE-0-2022-20688)

    Vulnerability from cvelistv5 – Published: 2022-12-07 16:54 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart.\r\n This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:05.437Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20688",
        "datePublished": "2022-12-07T16:54:29.260Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.195Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20687 (GCVE-0-2022-20687)

    Vulnerability from cvelistv5 – Published: 2022-12-07 16:53 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.\r\n These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:05.118Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20687",
        "datePublished": "2022-12-07T16:53:31.642Z",
        "dateReserved": "2021-11-02T13:28:29.056Z",
        "dateUpdated": "2024-08-03T02:17:53.030Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20686 (GCVE-0-2022-20686)

    Vulnerability from cvelistv5 – Published: 2022-12-07 16:53 – Updated: 2024-08-03 02:17
    VLAI
    Summary
    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 1.2.1
    Affected: 1.2.2 SR1
    Affected: 1.2.2
    Affected: 1.2.2 SR2
    Affected: 11.1.0 MSR4
    Affected: 11.1.0
    Affected: 11.1.0 MSR1
    Affected: 11.1.0 MSR2
    Affected: 11.1.0 MSR3
    Affected: 1.1.0
    Affected: 1.1.1
    Affected: 1.1.2
    Affected: 12.0.1 SR2
    Affected: 12.0.1
    Affected: 12.0.1 SR1
    Affected: 12.0.1 SR3
    Affected: 12.0.1 SR4
    Affected: 11.2.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.2 SR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR4"
                },
                {
                  "status": "affected",
                  "version": "11.1.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.1.0 MSR3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR3"
                },
                {
                  "status": "affected",
                  "version": "12.0.1 SR4"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.\r\n These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:04.808Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ata19x-multivuln-GEZYVvs",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
            "defects": [
              "CSCvz93493",
              "CSCvz91984",
              "CSCvz93504"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20686",
        "datePublished": "2022-12-07T16:53:06.603Z",
        "dateReserved": "2021-11-02T13:28:29.055Z",
        "dateUpdated": "2024-08-03T02:17:53.079Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34710 (GCVE-0-2021-34710)

    Vulnerability from cvelistv5 – Published: 2021-10-06 19:46 – Updated: 2024-11-07 21:48
    VLAI
    Title
    Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:42:54.635734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:48:18.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-06T19:46:37.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
            "defect": [
              [
                "CSCvw22570",
                "CSCvw25739",
                "CSCvw25740",
                "CSCvx48193"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-10-06T16:00:00",
              "ID": "CVE-2021-34710",
              "STATE": "PUBLIC",
              "TITLE": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Analog Telephone Adaptor (ATA) Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-770"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
              "defect": [
                [
                  "CSCvw22570",
                  "CSCvw25739",
                  "CSCvw25740",
                  "CSCvx48193"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34710",
        "datePublished": "2021-10-06T19:46:37.306Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:48:18.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34735 (GCVE-0-2021-34735)

    Vulnerability from cvelistv5 – Published: 2021-10-06 19:46 – Updated: 2024-11-07 21:48
    VLAI
    Title
    Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34735",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:42:56.001211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:48:32.303Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Analog Telephone Adaptor (ATA) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-06T19:46:26.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
            "defect": [
              [
                "CSCvw22570",
                "CSCvw25739",
                "CSCvw25740",
                "CSCvx48193"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-10-06T16:00:00",
              "ID": "CVE-2021-34735",
              "STATE": "PUBLIC",
              "TITLE": "Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Analog Telephone Adaptor (ATA) Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "8.8",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-770"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211006 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ata19x-multivuln-A4J57F3",
              "defect": [
                [
                  "CSCvw22570",
                  "CSCvw25739",
                  "CSCvw25740",
                  "CSCvx48193"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34735",
        "datePublished": "2021-10-06T19:46:26.847Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:48:32.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }