HIGH · 8.1

CVE-2022-20968

Vulnerability Description

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

CVSS Score

8.1

HIGH

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Cisco | IP Phone 7811 Firmware | 9.3(3) |
| Cisco | IP Phone 7811 | - |
| Cisco | IP Phone 7821 Firmware | 9.3(3) |
| Cisco | IP Phone 7821 | - |
| Cisco | IP Phone 7832 Firmware | 9.3(3) |
| Cisco | IP Phone 7832 | - |
| Cisco | IP Phone 7841 Firmware | 9.3(3) |
| Cisco | IP Phone 7841 | - |
| Cisco | IP Phone 7861 Firmware | 9.3(3) |
| Cisco | IP Phone 7861 | - |
| Cisco | IP Phone 8811 Firmware | 9.3(3) |
| Cisco | IP Phone 8811 | - |
| Cisco | IP Phone 8831 Firmware | 9.3(3) |
| Cisco | IP Phone 8831 | - |
| Cisco | IP Phone 8832 Firmware | 9.3(3) |
| Cisco | IP Phone 8832 | - |
| Cisco | IP Phone 8841 Firmware | 9.3(3) |
| Cisco | IP Phone 8841 | - |
| Cisco | IP Phone 8845 Firmware | 9.3(3) |
| Cisco | IP Phone 8845 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-20968?

CVE-2022-20968 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.

How severe is CVE-2022-20968?

CVE-2022-20968 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-20968?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco IP Phone 7811 Firmware, Cisco IP Phone 7811, Cisco IP Phone 7821 Firmware, Cisco IP Phone 7821, Cisco IP Phone 7832 Firmware.