Issued: Thursday, 15 December, 2022 |
Last Revision: Thursday, 15 December, 2022 |
Vendor: |
Product: |
Severity Level: |
Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series. A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.
This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device.
A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device. Cisco Product Security Incident Response Team (PSIRT) is aware of the availability of a proof-of-concept exploit code for this vulnerability.
CVE/Vulnerability | Affected Products | CVSS Score | Exploitable |
CVE-2022-20968 | IP Phone 7800 Series IP Phone 8800 Series (except Cisco Wireless IP Phone 8821) Firmware version 14.2 and earlier are impacted | 8.1 | Yes |
Patched is schedule to be release in January 2023 as per Cisco but provisional fix has been provided, which can be taken from cisco official page.