CVE-2022-20968
high-risk
Published 2022-12-12
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.
Do I need to act?
!
10.2% chance of exploitation in next 30 days
EPSS score — higher than 90% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (20)
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Ip Phone 7811 Firmware
Affected Vendors
69
/ 100
high-risk
Severity
25/34 · High
Exploitability
11/34 · Low
Exposure
33/34 · Critical