Saturday, December 2, 2023

Cisco IP Phone Vulnerability Let Unauthenticated Attacker Execute Remote Code

Cisco has uncovered a high-severity vulnerability affecting its IP Phone 7800 and 8800 Series, tracked as CVE-2022-20968 (except Cisco Wireless IP Phone 8821). 

An unauthenticated, adjacent attacker might exploit the flaw to cause a stack overflow on an affected device, which can result in remote code execution and denial of service (DoS) attacks.

This vulnerability exists, due to inadequate input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device.

“A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device”, reads the advisory published by the company.

The vulnerability was reported to Cisco by Qian Chen of the Codesafe Team of Legendsec at QI-ANXIN Group.

Products Affected

The following Cisco products are vulnerable to this flaw:

  • IP Phone 7800 Series
  • IP Phone 8800 Series (except Cisco Wireless IP Phone 8821)

There are no workarounds that address this vulnerability.

Mitigations That Address This Vulnerability

Cisco Discovery Protocol can be disabled on impacted IP Phone 7800 and 8800 Series devices by administrators.

Then, for the purpose of discovering configuration information such as voice VLAN, power negotiation, and so forth, devices will employ LLDP.

The enterprise will need to remain cautious in determining the best method to implement it within their organisation as well as any potential effects on devices.

Cisco said customers should assess the applicability and efficacy in their own environments and usage circumstances. Also, customers need to be aware that, due to inherent customer deployment scenarios and limits, any workaround or mitigation they attempt may adversely affect the functionality or performance of their network.

It is also important to assess any workarounds or mitigations for their individual environments and any potential effects before deploying them. 

Cisco claims that a patch will be available in January 2023 but has not yet published any security upgrades to address this flaw.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles