CVE-2022-20968

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGH
EPSS
10.2%
top 6.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Cisco Cisco Session Initiation Protocol (sip) SoftwareCisco IP Phone 7811 FirmwareCisco IP Phone 7821 Firmware+11 more
Timeline
PublishedDec 12

Description

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a sta

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages14 packages

NVDcisco/ip_phone_7811_firmware54 versions+53
NVDcisco/ip_phone_7821_firmware54 versions+53
NVDcisco/ip_phone_7832_firmware54 versions+53
NVDcisco/ip_phone_7841_firmware54 versions+53

🔴Vulnerability Details

2
GHSA
GHSA-39vj-2wxm-c37w: A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adj2022-12-12
CVEList
CVE-2022-20968: A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adj2022-12-08

📋Vendor Advisories

1
Cisco
Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability2022-12-08
CVE-2022-20968 (HIGH CVSS 8.8) | A vulnerability in the Cisco Discov | cvebase.io