Denial of Service Vulnerability in Cisco Webex Devices
CVE-2023-20047

6.5MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Webex Room Phone
Vendor
CVE Published:
20 January 2023

Summary

A vulnerability exists in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices. This issue arises from insufficient resource allocation, enabling an unauthenticated adjacent attacker to disrupt device operations by sending specially crafted LLDP traffic. Successful exploitation can lead to memory resource exhaustion, causing the LLDP process to crash. If the affected device is solely configured for LLDP support, this results in a significant interruption to inbound and outbound calls. The default configuration allows support for both LLDP and Cisco Discovery Protocol. Recovery from this disruption necessitates a manual restart of the affected device.

Affected Version(s)

Cisco Webex Room Phone RoomPhone 1.1.0

Cisco Webex Room Phone RoomPhone 1.2.0

Cisco Webex Room Phone RoomPhone 1.2.0SR1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.