CVE-2022-20687 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.

Cisco has assigned the following CVSS v3 scores based on the criteria below to these vulnerabilities: In addition to unauthorized access, code execution, and DoS, these vulnerabilities could be exploited to cause a remote device to restart, resulting in a denial of service. Cisco has released software updates to address these vulnerabilities. There are no known workarounds at this time. Cisco recommends monitoring for breach of these DoS conditions and implementing prevention techniques (such as firewalling/access control) to prevent unauthorized access to these devices. Cisco recommends monitoring for breach of these DoS conditions and implementing prevention techniques (such as firewalling/access control) to prevent unauthorized access to these devices. Cisco has assigned the following CVSS v3 scores based on the criteria below to these vulnerabilities: In addition to unauthorized access, code execution, and DoS, these vulnerabilities could be exploited to cause a remote device to restart, resulting in a denial of service. Cisco has released software updates to address these vulnerabilities. There are no known workarounds at this time. Cisco recommends monitoring for breach of these DoS conditions and implementing prevention techniques (such as firewalling/access control) to prevent unauthorized access to these devices

Cisco IOS Software Software Development Life Cycle (SDLC) Vulnerabilities

This vulnerability has been assigned a CVSS v3 base score of 7.2.
Cisco IOS Software SDLC vulnerabilities are exploitable through the configuration process and can result in unauthorized access, code execution, and DoS conditions. Cisco has released software updates to address these vulnerabilities. There are no known workarounds at this time. Cisco recommends monitoring for breach of these DoS conditions and implementing prevention techniques (such as firewalling/access control) to prevent unauthorized access to these devices

CVSS OVERVIEW

CVSS (Common Vulnerability Scoring System) is an open standard that allows organizations to determine the severity of a vulnerability according to the potential consequences and impact on their business. The CVSS model is used by many industry groups for risk assessment. Cisco places a particular weighting on each vulnerability in its CVSS score, which means that this particular vulnerability could cause your company more harm than others.

Timeline

Published on: 12/12/2022 09:15:00 UTC
Last modified on: 12/14/2022 17:14:00 UTC

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20687