Jump to content
  • Cisco discloses high-severity IP phone bug with exploit code

    alf9872000

    • 1.4k views
    • 2 minutes
     Share


    • 1.4k views
    • 2 minutes

    Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.

     

    The company warned on Thursday that its Product Security Incident Response Team (PSIRT) is "aware that proof-of-concept exploit code is available" and that the "vulnerability has been publicly discussed."

     

    However, Cisco's PSIRT added that it is not yet aware of any attempts to exploit this flaw in attacks.

     

    Cisco has not released security updates to address this bug before disclosure and says that a patch will be available in January 2023. 

     

    CVE-2022-20968, as the security flaw is tracked, is caused by insufficient input validation of received Cisco Discovery Protocol packets, which unauthenticated, adjacent attackers can exploit to trigger a stack overflow.

     

    Affected devices include Cisco IP phones running 7800 and 8800 Series firmware version 14.2 and earlier.

     

    The vulnerability was reported to Cisco by Qian Chen of the Codesafe Team of Legendsec at QI-ANXIN Group.

    Mitigation available for some devices

    While a security update to address CVE-2022-20968 or a workaround are not yet available, Cisco provides mitigation advice for admins who want to secure vulnerable devices in their environment from potential attacks.

     

    This requires disabling the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery.

     

    "Devices will then use LLDP for discovery of configuration data such as voice VLAN, power negotiation, and so on," Cisco explained in a security advisory published Thursday.

     

    "This is not a trivial change and will require diligence on behalf of the enterprise to evaluate any potential impact to devices as well as the best approach to deploy this change in their enterprise."

     

    Admins who want to deploy this mitigation are advised to test its effectiveness and applicability for their environment.

     

    Cisco warned that "customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment."

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...