Cisco discovered a serious vulnerability in its IP Phones 7800 Series and 8800 Series. It is tracked as (except Cisco Wireless IP Phones 8821).
Unauthenticated attackers may exploit this flaw on adjacent devices to create a stack overload. This can lead to remote code execution or DoS attacks.
Due to insufficient input validation for received Cisco Discovery Protocol packets, this vulnerability is present. This vulnerability could be exploited by an attacker sending malicious Cisco Discovery Protocol traffic directly to the affected device.
The states that “a successful exploit could enable the attacker to cause stack overflows, resulting possibly remote code execution (DoS), or a condition on affected devices,”
Qian Chen, of QI-ANXIN Group’s Codesafe Team of Legendsec reported the vulnerability to Cisco.
This flaw is present in the following Cisco products:
- IP Phone Series 7800
- IP Phone 8800 Series, except Cisco Wireless IP Phone (8821).
This vulnerability cannot be fixed by any workaround.
This vulnerability can be addressed with mitigations
Administrators can disable Cisco Discovery Protocol on affected or 8800 Series devices.
Devices will then use LLDP to discover configuration information, such as power negotiation and voice VLAN.
It is important that the enterprise be cautious when deciding how to best implement it in their organization.
Cisco advised customers to evaluate the effectiveness and applicability of Cisco’s products in their specific environments and use cases. Customers should also be aware of the inherent limitations and deployment situations that customers face, as well as how any mitigation or workaround they try to improve their network’s functionality or performance.
Before deploying any of these solutions, it is important that you evaluate any possible mitigations and workarounds.
Cisco says a patch is coming in January 2023, but it has yet to publish security updates.
Secure Web Gateway, Web Filter Rules Activity Tracking and Malware Protection.