Cisco has told customers that it is developing patches for a high-severity vulnerability impacting some of its IP phones.
The vulnerability, identified as CVE-2022-20968, affects Cisco IP phones from the 7800 and 8800 series (apart from the 8821). There are no workarounds, but Cisco did offer a mitigation that can be applied until the company issues patches.
According to the networking company, CVE-2022-20968 is a stack buffer overflow affecting the Discovery Protocol processing capability.
An unauthenticated, nearby attacker could exploit the vulnerability by sending specially crafted Discovery Protocol packets to the targeted device. Exploitation may result in denial-of-service (DoS) or the execution of arbitrary code.
Read More: Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability