Cisco has uncovered a high-severity vulnerability affecting its IP Telephone 7800 and 8800 Sequence, tracked as CVE-2022-20968 (besides Cisco Wi-fi IP Telephone 8821).
An unauthenticated, adjoining attacker may exploit the flaw to trigger a stack overflow on an affected machine, which can lead to distant code execution and denial of service (DoS) assaults.
This vulnerability exists, as a result of insufficient enter validation of obtained Cisco Discovery Protocol packets. An attacker may exploit this vulnerability by sending crafted Cisco Discovery Protocol visitors to an affected machine.
“A profitable exploit may enable the attacker to trigger a stack overflow, leading to potential distant code execution or a denial of service (DoS) situation on an affected machine”, reads the advisory printed by the corporate.
The vulnerability was reported to Cisco by Qian Chen of the Codesafe Group of Legendsec at QI-ANXIN Group.
Merchandise Affected
The next Cisco merchandise are weak to this flaw:
- IP Telephone 7800 Sequence
- IP Telephone 8800 Sequence (besides Cisco Wi-fi IP Telephone 8821)
There aren’t any workarounds that deal with this vulnerability.
Mitigations That Tackle This Vulnerability
Cisco Discovery Protocol may be disabled on impacted IP Telephone 7800 and 8800 Sequence units by directors.
Then, for the aim of discovering configuration info akin to voice VLAN, energy negotiation, and so forth, units will make use of LLDP.
The enterprise might want to stay cautious in figuring out the perfect technique to implement it inside their organisation in addition to any potential results on units.
Cisco mentioned clients ought to assess the applicability and efficacy in their very own environments and utilization circumstances. Additionally, clients should be conscious that, as a result of inherent buyer deployment situations and limits, any workaround or mitigation they try might adversely have an effect on the performance or efficiency of their community.
It’s also essential to evaluate any workarounds or mitigations for his or her particular person environments and any potential results earlier than deploying them.
Cisco claims {that a} patch might be accessible in January 2023 however has not but printed any safety upgrades to handle this flaw.
Safe Net Gateway – Net Filter Guidelines, Exercise Monitoring & Malware Safety – Obtain Free E-Guide