{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-20766","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2021-11-02T13:28:29.102Z","datePublished":"2024-11-15T15:35:42.433Z","dateUpdated":"2024-11-15T21:07:11.500Z"},"containers":{"cna":{"title":"Cisco ATA 190 Series Analog Telephone Adapter firmware Cisco Discovery Protocol Denial of Service Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\nThis vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs","name":"cisco-sa-ata19x-multivuln-GEZYVvs"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}],"source":{"advisory":"cisco-sa-ata19x-multivuln-GEZYVvs","discovery":"EXTERNAL","defects":["CSCwa24849"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Out-of-bounds Read","type":"cwe","cweId":"CWE-125"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Analog Telephone Adaptor (ATA) Software","versions":[{"version":"2.16(1)","status":"affected"},{"version":"2.16(2)","status":"affected"},{"version":"2.1(6)","status":"affected"},{"version":"2.14","status":"affected"},{"version":"3.2(0)","status":"affected"},{"version":"1.1(4)","status":"affected"},{"version":"2.1(5)","status":"affected"},{"version":"3.2(1)","status":"affected"},{"version":"2.15","status":"affected"},{"version":"1.0(0)","status":"affected"},{"version":"1.34","status":"affected"},{"version":"3.1(1)","status":"affected"},{"version":"3.2(4)","status":"affected"},{"version":"3.0(0)","status":"affected"},{"version":"3.2(3)","status":"affected"},{"version":"3.1(0)","status":"affected"},{"version":"3.1(2)","status":"affected"},{"version":"1.2.1","status":"affected"},{"version":"1.2.2","status":"affected"},{"version":"1.2.2 SR1","status":"affected"},{"version":"1.1.2","status":"affected"},{"version":"1.1.0","status":"affected"},{"version":"1.1.1","status":"affected"},{"version":"9.0(3)","status":"affected"},{"version":"9.2(3)","status":"affected"},{"version":"9.2(1)","status":"affected"},{"version":"12.0.1 SR2","status":"affected"},{"version":"11.1.0","status":"affected"},{"version":"12.0.1 SR1","status":"affected"},{"version":"11.1.0 MSR1","status":"affected"},{"version":"12.0.1","status":"affected"},{"version":"11.1.0 MSR2","status":"affected"},{"version":"11.1.0 MSR3","status":"affected"},{"version":"1.2.2 SR2","status":"affected"},{"version":"11.1.0 MSR4","status":"affected"},{"version":"12.0.1 SR3","status":"affected"},{"version":"11.2.1","status":"affected"},{"version":"12.0.1 SR4","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-11-15T15:35:42.433Z"}},"adp":[{"affected":[{"vendor":"cisco","product":"ata_190_firmware","cpes":["cpe:2.3:o:cisco:ata_190_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"*","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-15T21:01:50.788004Z","id":"CVE-2022-20766","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-15T21:07:11.500Z"}}]}}