Security News > 2022 > December > Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware
2022-12-10 05:52

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service condition.

The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 and stems from a case of insufficient input validation of received Cisco Discovery Protocol packets.

CDP is a proprietary network-independent protocol that is used for collecting information related to nearby, directly connected devices such as hardware, software, and device name, among others.

"An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device," the company said in an alert published on December 8, 2022.

"A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service condition on an affected device."

Cisco IP phones running firmware version 14.2 and earlier are impacted.


News URL

https://thehackernews.com/2022/12/cisco-warns-of-high-severity-unpatched.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-20968 Out-of-bounds Write vulnerability in Cisco products
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets.
low complexity
cisco CWE-787
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749