Cisco is Working on a Patch to Secure its IP Phones 7800 and 8800 Series

Two of the latest Cisco IP phones – 7800 and 8800 Series – are said to have a critical security vulnerability that may allow an attacker to execute arbitrary code remotely.

The Cisco team says it’s aware of the bug and is working on a patch. While it’s scheduled to arrive sometime next month, they suggested a workaround until then – but warned customers to test it thoroughly before trying.

Security Bug on Cisco IP Phones

Upon notification from the Codesafe Team’s Qian Chen, Cisco today disclosed a critical security vulnerability on it’s IP Phones Series 7800 and 8800 – that may let an attacker abuse an exploit for conducting DoS attacks.

Tracked as CVE-2022-20968, Cisco’s Product Security Incident Response Team (PSIRT) said they’re aware of the proof-of-concept exploit code in the wild and the vulnerability being publicly discussed. While it’s a worrying issue, the company assured us that no exploitations of this bug had been recorded till now.

Though the company is working on a fix, we might not see it until next month. Thus, until then, the customers of IP Phones Series 7800 and 8800 are warned to be careful. A successful attacker can exploit this input validation bug to execute malicious code remotely and take over the device.

Well, Cisco shared a workaround until the official fix arrives – which is to disable the Cisco Discovery Protocol on the affected IP models and let the devices operate through Link Layer Discovery Protocol (LLDP) for neighbor discovery. Both the Series 7800 and 8800 support LLDP, which lets them discover the configuration data such as voice VLAN, power negotiation, etc.

Although, Cisco warned customers to test this workaround for it’s effectiveness before deploying it on their devices. This is a must for the system admins at enterprises, where any wrongdoings can break down the company’s operations.

Other Trending News:-  News

LEAVE A REPLY

Please enter your comment!
Please enter your name here