Some models of Cisco IP phones have high-severity vulnerability

Share post:

Several models of Cisco Systems’ IP phones have a high-severity vulnerability, the company has acknowledged, but a patch won’t be available until January.

Nor is there a workaround for the Cisco Discovery Protocol processing feature in the Cisco IP Phone 7800 and 8800 Series (excluding the Cisco Wireless IP Phone 8821).

What administrators can think about is disabling Cisco Discovery Protocol on affected phones. Devices will then use LLDP for discovery of configuration data such as voice VLAN, and power negotiation.

However, Cisco warns that “this is not a trivial change and will require diligence on behalf of the enterprise to evaluate any potential impact to devices as well as the best approach to deploy this change in their enterprise.”

“While this mitigation has been deployed and was proven successful in a test environment,” Cisco says, “customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.”

The vulnerability in the Cisco Discovery Protocol processing feature of the affected phones could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. The hole is due to insufficient input validation of received Cisco Discovery Protocol packets, the Cisco notice says. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

The post Some models of Cisco IP phones have high-severity vulnerability first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways