Skip to content

Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series - 20221212001

Overview

Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

What is the vulnerability ?

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.

This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

What is vulnerable ?

  • Vulnerable Products

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IP Phone firmware:

  • IP Phone 7800 Series
  • IP Phone 8800 Series (except Cisco Wireless IP Phone 8821)

For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

  • Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

What has been observed ?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing

Recommendation

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Reference