Overview

This vulnerability exists in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware. It could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

Full description of the vulnerability is available on the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U

What do you need to do?

1.   Confirm whether you are using any of the impacted devices:

• IP Phone 7800 Series
• IP Phone 8800 Series (except Cisco Wireless IP Phone 8821).

If you aren’t using these devices, no action is required.

2. If you’re using the impacted devices, follow these actions:

• Since the suitable version of the software will become available in January 2023, you can mitigate the risk of this vulnerability by disabling the Cisco Discovery Protocol on the affected IP Phone 7800 and 8800 Series devices.
  
• Once the software is released in January 2023, upgrade your devices to the latest software firmware version 14.2(1) by following the links to download the software below. Log in will be required to your Cisco’s CCO download    repository for this page.
  
  • For IP Phone 7800 Series
    
  • For IP Phone 8800 Series.

Service notice

If you haven't already done so, bookmark this website and register your details to receive email alerts.