Cisco is Developing a Patch for an IP Phone Vulnerability 


Cisco has told customers that it is developing patches for a high-severity vulnerability affecting some of its IP phones.

The vulnerability, identified as CVE-2022-20968, affects Cisco IP phones from the 7800 and 8800 series (apart from the 8821). There are no workarounds, but Cisco has offered a mitigation that can be applied until the company issues patches.

According to the networking company, CVE-2022-20968 is a stack buffer overflow affecting the Discovery Protocol processing capability.

An unauthenticated, nearby attacker could exploit the vulnerability by sending specially crafted Discovery Protocol packets to the targeted device. Exploitation may result in denial of service (DoS) or the execution of arbitrary code.

Read More: Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability