Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)

A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the company has confirmed.

Cisco‘s PSIRT is also aware that proof-of-concept exploit code is available for the vulnerability and that the flaw has been publicly discussed, but they are not aware of active attacks exploiting it.

About CVE-2022-20968

Cisco IP Phone 7800 and 8800 Series are enterprise-grade devices for video and voice communication. Their many security features allow users to harden them against a variety of attacks.

Reported by security researcher Qian Chen of the Codesafe Team of Legendsec at QI-ANXIN Group, CVE-2022-20968 is found in the devices’ Cisco Discovery Protocol processing feature.

“This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device,” the company explained.

The vulnerability can be exploited without prior authentication on the part of the attacker, but the attack must be launched from the same physical or logical network as the target device (e.g., via Bluetooth, Wi-Fi, neighbor discovery protocol, etc.).

Temporary mitigation should be tested before wider deployment

The flaw affects the entirety of the IP Phone 7800 Series and all devices in the IP Phone 8800 Series except Cisco Wireless IP Phone 8821. It will be fixed with the release of firmware v14.2(1) in January 2023.

“There are no workarounds that address this vulnerability. However, there is a mitigation that addresses this vulnerability for deployments that support both Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for neighbor discovery. Administrators may disable Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices. Devices will then use LLDP for discovery of configuration data such as voice VLAN, power negotiation, and so on,” Cisco advised, but warned that making this change is not trivial.

“While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.”

Don't miss