Wednesday, November 13, 2024
HomeCyber Security NewsCisco IP Phone Vulnerability Let Unauthenticated Attacker Execute Remote Code

Cisco IP Phone Vulnerability Let Unauthenticated Attacker Execute Remote Code

Published on

Malware protection

Cisco has uncovered a high-severity vulnerability affecting its IP Phone 7800 and 8800 Series, tracked as CVE-2022-20968 (except Cisco Wireless IP Phone 8821). 

An unauthenticated, adjacent attacker might exploit the flaw to cause a stack overflow on an affected device, which can result in remote code execution and denial of service (DoS) attacks.

This vulnerability exists, due to inadequate input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device.

- Advertisement - SIEM as a Service

“A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device”, reads the advisory published by the company.

The vulnerability was reported to Cisco by Qian Chen of the Codesafe Team of Legendsec at QI-ANXIN Group.

Products Affected

The following Cisco products are vulnerable to this flaw:

  • IP Phone 7800 Series
  • IP Phone 8800 Series (except Cisco Wireless IP Phone 8821)

There are no workarounds that address this vulnerability.

Mitigations That Address This Vulnerability

Cisco Discovery Protocol can be disabled on impacted IP Phone 7800 and 8800 Series devices by administrators.

Then, for the purpose of discovering configuration information such as voice VLAN, power negotiation, and so forth, devices will employ LLDP.

The enterprise will need to remain cautious in determining the best method to implement it within their organisation as well as any potential effects on devices.

Cisco said customers should assess the applicability and efficacy in their own environments and usage circumstances. Also, customers need to be aware that, due to inherent customer deployment scenarios and limits, any workaround or mitigation they attempt may adversely affect the functionality or performance of their network.

It is also important to assess any workarounds or mitigations for their individual environments and any potential effects before deploying them. 

Cisco claims that a patch will be available in January 2023 but has not yet published any security upgrades to address this flaw.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...

Chrome 131 Released with the Fix for Multiple Vulnerabilities

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac,...

Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical...

Thousands of EOL D-Link Routers Vulnerable to Password Change Attacks

In a critical security disclosure, it has been revealed that thousands of end-of-life (EOL)...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...

Chrome 131 Released with the Fix for Multiple Vulnerabilities

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac,...

Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical...