Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series (except the Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker (one on the same Layer 2 segment as the phone) can trigger the flaw to cause a stack overflow on an affected device, which could lead to remote code execution or a denial of service (DoS) condition.
The vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets.
An attacker could exploit this flaw by sending specially crafted Cisco Discovery Protocol packets to an affected device.
“A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.” reads the advisory published by the company. “This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.”
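The advisory attributes the stack overflow to insufficient input validation of received Cisco Discovery Protocol (CDP) packets, without saying which field or TLV is involved. The C below is an added illustration of that bug class, not Cisco's firmware code and not a reproduction of the specific 7800/8800 flaw: a CDP TLV parser that trusts the attacker-supplied TLV length when copying into a fixed stack buffer, placed beside a hardened version that validates every length against the packet and the destination before copying. The CDP layout used (1-byte version, 1-byte TTL, 2-byte checksum, then TLVs with big-endian type and a big-endian length that includes the 4-byte TLV header) is the public format; the Device ID TLV choice, the 64-byte buffer, and the packets built inside the block are assumptions for the demo.

```c
/* Added illustration of the CDP parsing bug class behind CVE-2022-20968.
 * Not Cisco's code: the TLV (Device ID), the 64-byte stack buffer and the
 * packets are assumptions for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CDP_HDR_LEN       4
#define CDP_TLV_HDR_LEN   4
#define CDP_TLV_DEVICE_ID 0x0001
#define DEVICE_ID_MAX     64   /* assumed size of the receiver's stack buffer */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* VULNERABLE: the wire length drives memcpy with no check against the packet
 * or the stack buffer. A Device ID TLV longer than DEVICE_ID_MAX + 4 bytes
 * overwrites whatever follows 'name' on the stack; len < 4 underflows into a
 * huge copy. Shown for contrast only: never feed it untrusted input. */
static void parse_device_id_vuln(const uint8_t *pkt, size_t pkt_len, char *out)
{
    char name[DEVICE_ID_MAX];
    size_t off = CDP_HDR_LEN;
    out[0] = '\0';
    while (off + CDP_TLV_HDR_LEN <= pkt_len) {
        uint16_t type = be16(pkt + off);
        uint16_t len  = be16(pkt + off + 2);
        if (type == CDP_TLV_DEVICE_ID) {
            memcpy(name, pkt + off + CDP_TLV_HDR_LEN, len - CDP_TLV_HDR_LEN); /* overflow */
            name[len - CDP_TLV_HDR_LEN] = '\0';
            strcpy(out, name);
            return;
        }
        off += len;   /* len == 0 also spins forever: a DoS on its own */
    }
}

/* HARDENED: every length is checked against the bytes remaining in the packet
 * and against the destination buffer before any copy. Returns 1 and fills out
 * (NUL-terminated) on success, 0 on malformed input; never touches memory
 * outside pkt[0..pkt_len) or out[0..out_len). */
int parse_device_id_safe(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len)
{
    if (pkt_len < CDP_HDR_LEN || out_len == 0) return 0;
    size_t off = CDP_HDR_LEN;
    while (pkt_len - off >= CDP_TLV_HDR_LEN) {
        uint16_t type = be16(pkt + off);
        uint16_t len  = be16(pkt + off + 2);
        if (len < CDP_TLV_HDR_LEN || len > pkt_len - off) return 0; /* inconsistent TLV */
        size_t vlen = len - CDP_TLV_HDR_LEN;
        if (type == CDP_TLV_DEVICE_ID) {
            if (vlen >= out_len) return 0;   /* would not fit with NUL terminator */
            memcpy(out, pkt + off + CDP_TLV_HDR_LEN, vlen);
            out[vlen] = '\0';
            return 1;
        }
        off += len;
    }
    return 0;
}

/* Constructed packets (not captures): a minimal CDP frame holding one Device ID
 * TLV whose value is value_len bytes of 'A'. Returns the packet length or 0. */
static size_t make_cdp_device_id(uint8_t *buf, size_t buf_len, size_t value_len)
{
    size_t tlv_len = CDP_TLV_HDR_LEN + value_len;
    size_t total   = CDP_HDR_LEN + tlv_len;
    if (total > buf_len || tlv_len > 0xFFFF) return 0;
    buf[0] = 0x02; buf[1] = 180; buf[2] = 0; buf[3] = 0;  /* version, TTL, checksum (unused) */
    buf[4] = (uint8_t)(CDP_TLV_DEVICE_ID >> 8); buf[5] = (uint8_t)CDP_TLV_DEVICE_ID;
    buf[6] = (uint8_t)(tlv_len >> 8);           buf[7] = (uint8_t)tlv_len;
    memset(buf + CDP_HDR_LEN + CDP_TLV_HDR_LEN, 'A', value_len);
    return total;
}

/* Both parsers agree on a well-formed 6-byte Device ID. */
int demo_benign_ok(void)
{
    uint8_t pkt[32]; char a[DEVICE_ID_MAX], b[DEVICE_ID_MAX];
    size_t n = make_cdp_device_id(pkt, sizeof pkt, 6);
    parse_device_id_vuln(pkt, n, a);   /* safe here: 6 bytes fit in the buffer */
    return n != 0 && parse_device_id_safe(pkt, n, b, sizeof b) == 1
           && strcmp(b, "AAAAAA") == 0 && strcmp(a, b) == 0;
}

/* A 252-byte value (TLV length 0x0100) would make the vulnerable parser memcpy
 * 252 bytes into its 64-byte stack buffer; the hardened parser rejects it. */
int demo_crafted_rejected(void)
{
    uint8_t pkt[512]; char b[DEVICE_ID_MAX];
    size_t n = make_cdp_device_id(pkt, sizeof pkt, 252);
    return n != 0 && parse_device_id_safe(pkt, n, b, sizeof b) == 0;
}

/* TLV length 2 is smaller than its own header: vulnerable len - 4 wraps. */
int demo_short_tlv_rejected(void)
{
    uint8_t pkt[8]; char b[DEVICE_ID_MAX];
    size_t n = make_cdp_device_id(pkt, sizeof pkt, 0);
    pkt[7] = 2;
    return n == 8 && parse_device_id_safe(pkt, n, b, sizeof b) == 0;
}

int main(void)
{
    printf("benign packet accepted by both parsers: %d\n", demo_benign_ok());
    printf("oversized Device ID rejected by hardened parser: %d\n", demo_crafted_rejected());
    printf("undersized TLV length rejected by hardened parser: %d\n", demo_short_tlv_rejected());
    return 0;
}
```

The crafted packet is deliberately never passed to the vulnerable parser: doing so would corrupt the stack of the demo itself, which is exactly the condition the advisory describes as leading to a crash (DoS) or, with a controlled payload, code execution. The hardened parser fails closed on three independent conditions: a TLV length smaller than its header, a TLV extending past the end of the frame, and a value that does not fit the destination with its terminator.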
The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code for this vulnerability is publicly available.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory and that this vulnerability has been publicly discussed.” continues the report. “The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.”
The IT giant plans to address this flaw in January 2023.
According to the advisory, no workaround is available; the vendor has provided only a mitigation for this issue. Cisco recommends disabling the Cisco Discovery Protocol on affected IP Phones that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery. Those phones will then use LLDP to discover configuration data such as the voice VLAN and power negotiation settings.
“While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations.” concludes the advisory. “Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.”
The vulnerability was reported by Qian Chen of the Codesafe Team of Legendsec at QI-ANXIN Group.
(SecurityAffairs – hacking, IP phones)