Blog

December 19, 2022

Cisco Reports Critical IP Phone Vulnerability

Written By Securafy Team

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series.

This new vulnerability is caused by inadequate input validation of packets using the Cisco Discovery Protocol. In other words, a threat actor could take advantage of this flaw by sending specially made Cisco Discovery Protocol traffic to a vulnerable device. If successful, the threat actor could cause a stack overflow, leading to a possible denial of service (DoS) condition or remote code execution on the affected device.

Unfortunately, there is currently no security update or workaround available to address the CVE-2022-20968 vulnerability. However, Cisco has provided mitigation guidance for business owners who wish to protect their vulnerable devices from attacks.

Cisco recommends disabling Cisco Discovery Protocol on IP Phone 7800 and 8800 Series devices and enabling Link Layer Discovery Protocol (LLDP) for neighbor discovery to mitigate this vulnerability. It is crucial that business owners carefully assess the potential impact on their devices and determine the best way to implement this change.

It's worth noting that this mitigation is only available for devices that support LLDP for neighbor discovery. If you are using affected devices, you must take the necessary steps to protect your organization from this vulnerability. This may require some diligence on your part, but it is worth it to ensure the security of your business.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.