cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20766,https://securityvulnerability.io/vulnerability/CVE-2022-20766,Cisco ATA 190 Series Adaptive Telephone Adapter Vulnerability to Cause Denial of Service,"A vulnerability exists within the Cisco Discovery Protocol functionality of the Cisco ATA 190 Series Adaptive Telephone Adapter firmware. This issue permits unauthenticated, remote attackers to trigger a denial of service condition on the affected devices. The flaw originates from an out-of-bounds read when processing specially crafted Cisco Discovery Protocol packets. An attacker can exploit this weakness by sending these malicious packets, potentially leading to a service restart. Cisco has issued firmware updates to mitigate this vulnerability, and no workarounds are available to address the issue.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T15:35:42.433Z,0
CVE-2024-20463,https://securityvulnerability.io/vulnerability/CVE-2024-20463,Cisco ATA 190 Series Analog Telephone Adapter Vulnerability: Remote Configuration Modification and Reboot Possible,"A weakness in the web-based management interface of Cisco's ATA 190 Series Analog Telephone Adapter firmware permits an unauthenticated, remote adversary to alter the device configuration or initiate a reboot. This issue is linked to the HTTP server's faulty handling of state changes in GET requests, allowing attackers to exploit this vulnerability by dispatching malicious requests to the management interface. The execution of a successful exploit may result in limited configuration adjustments or device reboots, potentially leading to a denial of service (DoS) scenario.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,7.1,HIGH,0.0004600000102072954,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20460,https://securityvulnerability.io/vulnerability/CVE-2024-20460,Cisco ATA 190 Series Analog Telephone Adapter Vulnerable to Reflected Cross-Site Scripting Attacks,"A vulnerability exists within the web-based management interface of the Cisco ATA 190 Series Analog Telephone Adapter firmware, enabling unauthenticated, remote attackers to carry out reflected cross-site scripting (XSS) attacks. The root cause stems from insufficient validation of user input, which can be exploited if the attacker convinces a victim to click a specially crafted link. When successful, the exploit may allow arbitrary script code execution within the affected interface's context or lead to exposure of sensitive browser-based information on the compromised device. This vulnerability highlights the importance of securing management interfaces and sanitizing user inputs to prevent malicious exploits.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-10-31T15:15:05.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20462,https://securityvulnerability.io/vulnerability/CVE-2024-20462,Cisco ATA 190 Series Multiplatform Analog Telephone Adapter Vulnerability: Passwords at Risk,"A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device.

This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.5,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20420,https://securityvulnerability.io/vulnerability/CVE-2024-20420,Cisco ATA 190 Series Analog Telephone Adapter Vulnerability,"A vulnerability exists in the web-based management interface of the Cisco ATA 190 Series Analog Telephone Adapter firmware that can be exploited by an authenticated, remote attacker with low privileges. This issue arises from improper authorization verification within the HTTP server. By crafting a malicious HTTP request, an attacker could inadvertently receive the ability to execute commands with Admin privileges. This flaw poses a significant risk, as successful exploitation could compromise the integrity and security of the affected device, allowing for unauthorized administrative actions.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,8.8,HIGH,0.0005000000237487257,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-20421,https://securityvulnerability.io/vulnerability/CVE-2024-20421,Cisco ATA 190 Series Analog Telephone Adapter Vulnerable to CSRF Attacks,"A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,6.5,MEDIUM,0.0004799999878741801,false,,false,false,true,2024-10-31T14:15:03.000Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2022-20691,https://securityvulnerability.io/vulnerability/CVE-2022-20691,Denial of Service in Cisco ATA 190 Series Adaptive Telephone Adapter,"A flaw in the Cisco Discovery Protocol functionality of the Cisco ATA 190 Series Adaptive Telephone Adapter firmware enables an unauthenticated adjacent attacker to trigger a Denial of Service (DoS) condition on the device. This occurs due to inadequate validation of the length of certain fields within the Cisco Discovery Protocol packet headers. An attacker can exploit this vulnerability by sending specially crafted Cisco Discovery Protocol packets to the vulnerable device. If successful, this attack can lead to excessive memory usage, resulting in the device becoming unresponsive and potentially requiring a restart. Cisco has made firmware updates available to mitigate this vulnerability.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0005000000237487257,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20689,https://securityvulnerability.io/vulnerability/CVE-2022-20689,Memory Corruption Vulnerability in Cisco ATA 190 Series Analog Telephone Adapter,"The vulnerability in the Cisco Discovery Protocol within Cisco ATA 190 Series Analog Telephone Adapter firmware allows unauthenticated, adjacent attackers to exploit memory management flaws. This flaw is caused by insufficient length validation when processing Cisco Discovery Protocol messages. By sending specially crafted packets, attackers could induce out-of-bounds reads, compromising the integrity of the internal Cisco Discovery Protocol database on the device. This could lead to various adverse effects on the operation of the affected device.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0006200000061653554,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20690,https://securityvulnerability.io/vulnerability/CVE-2022-20690,Memory Corruption in Cisco ATA 190 Series Analog Telephone Adapter,"Multiple vulnerabilities have been identified in the Cisco Discovery Protocol aspect of the Cisco ATA 190 Series Analog Telephone Adapter firmware. These flaws arise from insufficient length validation when processing Cisco Discovery Protocol messages. An unauthenticated attacker adjacent to the affected device can exploit these vulnerabilities by sending specially crafted malicious packets. This exploitation can lead to an out-of-bounds read, which in turn may corrupt the internal Cisco Discovery Protocol database, potentially compromising the integrity of the device’s functionality.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0006200000061653554,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20687,https://securityvulnerability.io/vulnerability/CVE-2022-20687,Remote Code Execution Vulnerability in Cisco ATA 190 Series Analog Telephone Adapter,"Multiple vulnerabilities found in the Link Layer Discovery Protocol functionality of Cisco's ATA 190 Series Analog Telephone Adapter firmware could enable an unauthenticated attacker to send specially crafted LLDP packets to the affected devices. These vulnerabilities revolve around the insufficient validation of packet header lengths, allowing attackers to execute arbitrary code on the device. The result may include unexpected restarts of the LLDP service and potential denial of service conditions, compromising the integrity and availability of communication systems.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:36.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20688,https://securityvulnerability.io/vulnerability/CVE-2022-20688,Remote Code Execution Vulnerability in Cisco ATA 190 Series by Cisco,"A flaw in the Cisco Discovery Protocol functionality of the Cisco ATA 190 Series Analog Telephone Adapter firmware allows unauthenticated remote attackers to send specially crafted packets that lack proper length validation. This can lead to arbitrary code execution on the affected device, causing unexpected service restarts and potential denial-of-service conditions. Successful exploitation may compromise the integrity and availability of the device, highlighting the importance of timely updates to mitigate this risk.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:37.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20686,https://securityvulnerability.io/vulnerability/CVE-2022-20686,Multiple Vulnerabilities in Link Layer Discovery Protocol of Cisco ATA 190 Series,"Multiple security vulnerabilities in the Link Layer Discovery Protocol (LLDP) of the Cisco ATA 190 Series Analog Telephone Adapter firmware may allow an unauthenticated, remote attacker to conduct arbitrary code execution. These weaknesses stem from inadequate validation of certain LLDP packet header fields. An attacker could send a specially crafted LLDP packet to an affected device, which would exploit these vulnerabilities, leading to unexpected LLDP service reboots and potentially resulting in a denial of service.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,5.3,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:36.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2021-34735,https://securityvulnerability.io/vulnerability/CVE-2021-34735,Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities,"Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,8.8,HIGH,0.0017300000181421638,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-10-06T00:00:00.000Z,0
CVE-2021-34710,https://securityvulnerability.io/vulnerability/CVE-2021-34710,Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities,"Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Analog Telephone Adaptor (ata) Software,8.8,HIGH,0.0013299999991431832,false,,false,false,true,2024-08-04T02:15:20.000Z,,false,false,,2021-10-06T00:00:00.000Z,0