CVE-2023-20047 — Uncontrolled Resource Consumption in Cisco SIP IP Phone Software

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 71.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco SIP IP Phone Software Cisco Webex Room Phone Firmware Cisco Webex Share Firmware +1 more

Timeline

PublishedJan 20

Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource allocation. An attacker could exploit this vulnerability by sending crafted LLDP traffic to an affected device. A successful exploit could allow the attacker to exhaust the memory resources of the affected d…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDcisco/webex_room_phone_firmware1.2.0

▶CVEListV5cisco/cisco_webex_room_phone4 versions+3

▶NVDcisco/webex_share_firmware1.2.0

▶NVDcisco/sip_ip_phone_software1.2.0

🔴Vulnerability Details

GHSA

GHSA-5f68-jm8v-355j: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthentic↗2023-01-20

▶

CVEList

CVE-2023-20047: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthentic↗2023-01-19

▶

📋Vendor Advisories

Cisco

Cisco Webex Room Phone and Cisco Webex Share Link Layer Discovery Protocol Memory Leak Vulnerability↗2023-01-11

▶