Vulnslist

find the latest Cisco vulnerabilities

Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities

cisco-sa-ata19x-multivuln-GEZYVvs · Medium · Published · Updated

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to execute code, cause the service to reload unexpectedly, or cause Cisco Discovery Protocol or LLDP database corruption on an affected device. Note: Cisco Discovery Protocol and LLDP are a Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities. However, administrators may disable the affected feature.

To disable Cisco Discovery Protocol or LLDP on the LAN interface of a device, open the web UI and choose Network Setup > Advanced Settings > CDP &LLDP. Then uncheck Enabled CDP or Enabled LLDP.

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2022-20686, CVE-2022-20687, CVE-2022-20688, CVE-2022-20689, CVE-2022-20690, CVE-2022-20691, CVE-2022-20766
Cisco Bug IDsCSCvz93493, CSCvz91984, CSCvz93504, CSCwa24837, CSCwa24842, CSCwa24844, CSCwa24849
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco ATA Series Analog Telephone Adaptor, Cisco Analog Telephone Adaptor (ATA) Software

Related Products

Product CVE Evidence