Cisco has told customers that it is developing patches for a high-severity vulnerability affecting some of its IP phones.
The vulnerability, tracked as CVE-2022-20968, affects Cisco IP phones in the 7800 and 8800 series (apart from the 8821). There are no workarounds, but Cisco has provided a mitigation that can be applied until the company issues patches.
According to the networking company, CVE-2022-20968 is a stack buffer overflow affecting the Discovery Protocol processing capability.
An unauthenticated, adjacent attacker could exploit the vulnerability by sending specially crafted Discovery Protocol packets to a targeted device. Exploitation may result in denial-of-service (DoS) or the execution of arbitrary code.
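
To show the bug class described above from the defensive side, here is an added example (not Cisco's firmware code, and not a reconstruction of the actual flaw) of a discovery-protocol TLV parser that checks every sender-supplied length before copying into a fixed-size buffer. It assumes Cisco Discovery Protocol framing (4-byte header, then type/length/value records whose length field includes the 4-byte TLV header); the function name, buffer sizes and sample packets are hypothetical and constructed for illustration, and the checksum is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDP_HDR_LEN 4            /* version(1) + TTL(1) + checksum(2) */
#define TLV_HDR_LEN 4            /* type(2) + length(2), big-endian */
#define CDP_TLV_DEVICE_ID 0x0001 /* Device ID TLV type */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copies the Device ID value into out (NUL-terminated) and returns its length.
 * Returns -1 if malformed or too large for out, -2 if the TLV is absent. */
int cdp_get_device_id(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || out_cap == 0 || pkt_len < CDP_HDR_LEN)
        return -1;
    size_t off = CDP_HDR_LEN;
    while (pkt_len - off >= TLV_HDR_LEN) {
        uint16_t type = be16(pkt + off);
        size_t tlv_len = be16(pkt + off + 2);  /* includes the TLV header */
        if (tlv_len < TLV_HDR_LEN || tlv_len > pkt_len - off)
            return -1;                         /* length lies about the packet */
        size_t val_len = tlv_len - TLV_HDR_LEN;
        if (type == CDP_TLV_DEVICE_ID) {
            /* The check a stack overflow lacks: sender's length vs. buffer size. */
            if (val_len >= out_cap)
                return -1;
            memcpy(out, pkt + off + TLV_HDR_LEN, val_len);
            out[val_len] = '\0';
            return (int)val_len;
        }
        off += tlv_len;                        /* never exceeds pkt_len */
    }
    return -2;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t cdp_ok[] = { 0x02, 0xb4, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x09, 'p', 'h', 'o', 'n', 'e' };
static const uint8_t cdp_lying_len[] = { 0x02, 0xb4, 0x00, 0x00,
    0x00, 0x01, 0x01, 0x00, 'A', 'A', 'A', 'A' };  /* claims 256 bytes */

int main(void)
{
    char id[16];  /* fixed-size buffer, as a parser might keep on the stack */
    printf("%d\n", cdp_get_device_id(cdp_ok, sizeof cdp_ok, id, sizeof id));
    printf("%d\n", cdp_get_device_id(cdp_lying_len, sizeof cdp_lying_len, id, sizeof id));
    return 0;
}
```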