Stack-based buffer overflow in IP Phone 7800 Series and Cisco IP Phone 8800 Series - CVE-2022-20968
Published: December 8, 2022
IP Phone 7800 Series
Cisco IP Phone 8800 Series
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing Cisco Discovery Protocol packets. A remote attacker on the local network can send specially crafted packets to the affected device, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2022-20968
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
The vendor plans to release firmware upgrade in January 2023.