December 1, 2023

Cisco has disclosed a high-severity vulnerability impacting its IP Phone 7800 and 8800 Series.

Tracked as CVE-2022-20968, an unauthenticated attacker can trigger the flaw to cause a stack overflow on an affected device, leading to remote code execution and denial of service attacks.

The vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this flaw by sending specially crafted Cisco Discovery Protocol packets to an affected device.

Advertisements

Cisco PSIRT is aware of the availability of a proof-of-concept exploit code for this vulnerability and is not aware of any malicious use of the vulnerability that is described in this advisory.

Currently, no workaround is available and only provided mitigation for this issue. Cisco recommends disabling the Cisco Discovery Protocol on affected IP phones that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery. The devices will then use LLDP for discovery of configuration data such as voice VLAN, power negotiations.

Cisco planned to address this flaw in January 2023.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023
%d bloggers like this: