Stack Overflow Vulnerability in Cisco IP Phone 7800 and 8800 Series
CVE-2022-20968

8.1HIGH

Key Information:

Vendor: Cisco
Status: Cisco Session Initiation Protocol (sip) Software
Vendor: CVE Published:; 12 December 2022

Badges

👾 Exploit Exists

Summary

The vulnerability in the Cisco Discovery Protocol processing feature impacts Cisco IP Phone 7800 and 8800 Series firmware. It arises from inadequate input validation of incoming Cisco Discovery Protocol packets. An attacker situated on the same network could exploit this flaw by dispatching specially crafted Cisco Discovery Protocol traffic. Successful exploitation could lead to a stack overflow, which may enable remote code execution or trigger a denial of service condition on the compromised device.

Affected Version(s)

Cisco Session Initiation Protocol (SIP) Software 9.3(4) 3rd Party

Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR3 3rd Party

Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR1 3rd Party

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Nov 2, 2021