Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821).
An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device, leading to remote code execution and denial of service (DoS) attacks.
The vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets.
An attacker could exploit this flaw by sending specially crafted Cisco Discovery Protocol packets to an affected device.
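As an added illustration (not Cisco's code and not taken from the advisory), the following C parser shows the kind of input validation a receiver needs before copying a Cisco Discovery Protocol TLV into a fixed-size buffer. The advisory does not say which field is mishandled; the choice of the Device ID TLV, the 64-byte buffer, the function name and the sample payloads are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDP_HDR_LEN       4       /* version(1) + TTL(1) + checksum(2) */
#define CDP_TLV_HDR       4       /* type(2) + length(2); length includes this header */
#define CDP_TLV_DEVICE_ID 0x0001
#define DEVICE_ID_MAX     64      /* assumed size of the fixed destination buffer */

/* Constructed sample payloads (not captured traffic): one valid Device ID TLV,
 * and the same TLV claiming 255 bytes when only 8 are present. */
static const uint8_t SAMPLE_OK[]      = {2, 0xb4, 0, 0, 0x00, 0x01, 0x00, 0x08, 'S', 'E', 'P', '1'};
static const uint8_t SAMPLE_BAD_LEN[] = {2, 0xb4, 0, 0, 0x00, 0x01, 0x00, 0xff, 'S', 'E', 'P', '1'};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walks every TLV in a CDP payload. Returns 0 and fills device_id on success,
 * -1 as soon as any length field is inconsistent with the bytes received. */
int cdp_parse_device_id(const uint8_t *pkt, size_t len, char device_id[DEVICE_ID_MAX])
{
    device_id[0] = '\0';
    if (len < CDP_HDR_LEN)
        return -1;
    for (size_t off = CDP_HDR_LEN; off < len; ) {
        if (len - off < CDP_TLV_HDR)
            return -1;                          /* truncated TLV header */
        uint16_t type = be16(pkt + off);
        uint16_t tlv_len = be16(pkt + off + 2);
        if (tlv_len < CDP_TLV_HDR || tlv_len > len - off)
            return -1;                          /* length under- or overstates the TLV */
        size_t val_len = tlv_len - CDP_TLV_HDR;
        if (type == CDP_TLV_DEVICE_ID) {
            if (val_len >= DEVICE_ID_MAX)
                return -1;                      /* value would overrun the buffer */
            memcpy(device_id, pkt + off + CDP_TLV_HDR, val_len);
            device_id[val_len] = '\0';
        }
        off += tlv_len;
    }
    return 0;
}

int main(void)
{
    char id[DEVICE_ID_MAX];
    printf("ok=%d id=%s\n", cdp_parse_device_id(SAMPLE_OK, sizeof SAMPLE_OK, id), id);
    printf("bad=%d\n", cdp_parse_device_id(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, id));
    return 0;
}
```

The same length checks can be reused in a network sensor to flag CDP frames whose TLV lengths do not match the bytes on the wire.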
The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for this vulnerability.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory and that this vulnerability has been publicly discussed,” continues the report. “The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.”