Stack Overflow Vulnerability in Cisco IP Phone 7800 and 8800 Series
CVE-2022-20968
8.1 HIGH
What is CVE-2022-20968?
A vulnerability in the Cisco Discovery Protocol processing feature affects Cisco IP Phone 7800 and 8800 Series firmware. It arises from inadequate input validation of incoming Cisco Discovery Protocol packets. An attacker on the same network could exploit this flaw by sending specially crafted Cisco Discovery Protocol traffic. Successful exploitation could lead to a stack overflow, which may enable remote code execution or trigger a denial of service condition on the affected device.
Affected Version(s)
Cisco Session Initiation Protocol (SIP) Software 9.3(4) 3rd Party
Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR3 3rd Party
Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR1 3rd Party