Subscribe

Some models of Cisco IP phones have high-severity vulnerability

December 9, 2022

Several models of Cisco Systems’ IP phones have a high-severity vulnerability, the company has acknowledged, but a patch won’t be available until January.

Nor is there a workaround for the Cisco Discovery Protocol processing feature in the Cisco IP Phone 7800 and 8800 Series (excluding the Cisco Wireless IP Phone 8821).

What administrators can think about is disabling Cisco Discovery Protocol on affected phones. Devices will then use LLDP for discovery of configuration data such as voice VLAN, and power negotiation.

However, Cisco warns that “this is not a trivial change and will require diligence on behalf of the enterprise to evaluate any potential impact to devices as well as the best approach to deploy this change in their enterprise.”

“While this mitigation has been deployed and was proven successful in a test environment,” Cisco says, “customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.”

The vulnerability in the Cisco Discovery Protocol processing feature of the affected phones could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. The hole is due to insufficient input validation of received Cisco Discovery Protocol packets, the Cisco notice says. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

The post Some models of Cisco IP phones have high-severity vulnerability first appeared on IT World Canada.

Top Stories

Zoho’s Canadian Leader on AI, Privacy, and Why Small Models Matter

Edmonton firm developing ‘matriarchal AI’ after Geoffrey Hinton calls for maternal instincts in tech

House of Commons hit by cyberattack tied to Microsoft flaw

Crypto crackdown freezes $300M in fraud-linked assets

Canada Faces 12 Billion Cyberattacks in Just Six Months**

Nova Scotia to host Canada’s first offshore wind zones, paving way for huge increase in renewable energy

Related Articles

Coffee With Jim: Rethinking Phishing Training – What The Research Really Says

August 24, 2025 Every month or so I like to step back from the day-to-day news cycle and look at more...

House of Commons hit by cyberattack tied to Microsoft flaw

August 18, 2025 The House of Commons has confirmed it was the target of a cyberattack that exposed personal and more...

Nova Scotia Power rebuked for seeking secrecy amid cyber-breach probe

August 16, 2025 Nova  Scotia Power has been publicly reprimanded for requesting secrecy in the investigation of its recent ransomware more...

Crypto crackdown freezes $300M in fraud-linked assets

August 16, 2025 Authorities and industry partners have frozen more than $300 million in cryptocurrency tied to cybercrime and fraud more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.