CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20690
https://notcve.org/view.php?id=CVE-2022-20690
07 Dec 2022 — Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful ex... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20689
https://notcve.org/view.php?id=CVE-2022-20689
07 Dec 2022 — Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful ex... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20688
https://notcve.org/view.php?id=CVE-2022-20688
07 Dec 2022 — A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-125: Out-of-bounds Read CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20687
https://notcve.org/view.php?id=CVE-2022-20687
07 Dec 2022 — Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20686
https://notcve.org/view.php?id=CVE-2022-20686
07 Dec 2022 — Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.4EPSS: 0%CPEs: 22EXPL: 0CVE-2022-20817 – Cisco IP Phone Duplicate Key Vulnerability
https://notcve.org/view.php?id=CVE-2022-20817
15 Jun 2022 — A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 9.0EPSS: 5%CPEs: 6EXPL: 0CVE-2021-34710 – Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34710
06 Oct 2021 — Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Software de Cisco ATA 190 Series Analog Telephone Adapter podrían permitir a un atacante llevar a cabo un ataque de inyección de comand... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2021-34735 – Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34735
06 Oct 2021 — Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Software de Cisco ATA 190 Series Analog Telephone Adapter podrían permitir a un atacante llevar a cabo un ataque de inyección de comand... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1111
https://notcve.org/view.php?id=CVE-2013-1111
13 Feb 2013 — The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. El Cisco ATA 187 Analog Telephone Adaptor con el firmware v9.2.1.0 y v9.2.3.1 antes ES build 4 no aplica correctamente el control de acceso, lo que permite a atacantes remotos ejecutar comandos del sistema operativo a través de vecto... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2005-4794
https://notcve.org/view.php?id=CVE-2005-4794
31 Dec 2005 — Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. • http://secunia.com/advisories/15472 •