How severe is CVE-2022-20689?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-20689?

This is classified as CWE-130, which is a common weakness in software security.

CVE-2022-20689 - HIGH Severity | CVSS 8.8

Vulnerability Description

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.

Related Vulnerabilities

CVE-2020-10065

HIGH

CVSS:8.8(High)

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com...

CWE-1302020

CVE-2022-20690

HIGH

CVSS:8.8(High)

CWE-1302022

CVE-2022-20870

HIGH

CVSS:8.6(High)

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote ...

CWE-1302022

CVE-2019-3862

CRITICAL

CVSS:9.1(Critical)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a ...

CWE-1302019

CVE-2022-1543

CRITICAL

CVSS:9.3(Critical)

Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. Tha...

CWE-1302022

CVE-2022-2714

HIGH

CVSS:8.1(High)

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.

CWE-1302022