CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20691
https://notcve.org/view.php?id=CVE-2022-20691
07 Dec 2022 — A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20690
https://notcve.org/view.php?id=CVE-2022-20690
07 Dec 2022 — Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful ex... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20689
https://notcve.org/view.php?id=CVE-2022-20689
07 Dec 2022 — Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful ex... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20688
https://notcve.org/view.php?id=CVE-2022-20688
07 Dec 2022 — A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-125: Out-of-bounds Read CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20687
https://notcve.org/view.php?id=CVE-2022-20687
07 Dec 2022 — Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20686
https://notcve.org/view.php?id=CVE-2022-20686
07 Dec 2022 — Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 9.0EPSS: 5%CPEs: 6EXPL: 0CVE-2021-34710 – Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34710
06 Oct 2021 — Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Software de Cisco ATA 190 Series Analog Telephone Adapter podrían permitir a un atacante llevar a cabo un ataque de inyección de comand... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2021-34735 – Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34735
06 Oct 2021 — Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Software de Cisco ATA 190 Series Analog Telephone Adapter podrían permitir a un atacante llevar a cabo un ataque de inyección de comand... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3 • CWE-770: Allocation of Resources Without Limits or Throttling •