Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones?
May 3, 2023
|
6m

How to Fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones?


How To Fix Cve 2022 20968 Stack Overflow Vulnerability In Cisco Ip Phones

On Thursday, Cisco released important news for its customers about CVE-2022-20968- a high-severity vulnerability that affects some of its IP phones, and that it is working on its patches. The company says it’s unaware of any malicious attacks exploiting the vulnerability, but it has been “publicly discussed,” and a proof-of-concept (PoC) exploit is available. 

Cisco was reported of this vulnerability by Qian Chen of the Codesafe Team of Legendsec at the Chinese cybersecurity firm Qi’anxin Group. Cisco released a patch for the vulnerability in January 2023. However, in the meantime, the company provided a mitigation that could be used until the patch was released.

This blog post will discuss the CVE-2022-20968-stack overflow vulnerability in IP phones in detail and the steps on how to Fix CVE-2022-20968. 

A Short Note About Cisco Discovery Protocol

CDP, or Cisco Discovery Protocol, is a proprietary protocol developed by Cisco that allows network devices to discover and collect information about directly connected neighbor devices. It operates on the data link layer and can run on all media supporting Subnetwork Access Protocol (SNAP).

CDP has two versions: 

  1. CDPv1: It is the initial version of the protocol, which is capable of collecting basic device information only, such as the device name and the IP address, of directly connected neighbor devices.

  2. CDPv2 is the most recent protocol version and provides more intelligent device tracking features.

How does CDP work?

Cisco devices periodically transmit CDP packets, which advertise a time-to-live (TTL) value indicating the number of seconds the packet must be retained before it can be discarded. CDP packets are sent with a nonzero TTL value when an interface is enabled and a TTL value of zero immediately before an interface is down. 

All Cisco devices receive and process CDP packets, caching the information in the packet. If there are changes from the last received packet, the new information is cached, and the older information is discarded, even if its TTL value has not expired.

Summary of CVE-2022-20968

  • CVSS Score: 8.1 

  • Severity: High 

  • Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2022-20986 is a security vulnerability present in Cisco IP Phones. An unauthenticated attacker could exploit this vulnerability close to the device. The attacker could cause a w on the affected device by sending malicious Cisco Discovery Protocol packets. 

The vulnerability is due to a lack of proper input validation when processing such packets. If the exploit is successful, it could result in a denial of service (DoS) condition or allow the attacker to execute code on the affected device remotely. 

Products Vulnerable to CVE-2022-20968

The following are the products affected by CVE-2022-20968:

  • IP Phone 7800 Series

  • IP Phone 8800 Series (except Cisco Wireless IP Phone 8821)

How to Fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones?

To address this Vulnerability in Cisco IP Phones, Cisco advises upgrading the current phone software to the latest one. Cisco has released free software updates that you can obtain through their usual update channels, provided you have service contracts that entitle them to regular software updates.

Some key considerations before upgrading the software include: 

  1. Before downloading any software, ensure that you have a valid license and that you only download software versions and feature sets for which you have purchased a license. 

  2. If you have previously purchased software, you can obtain a maintenance upgrade, including security fixes. Still, free security software updates do not entitle you to a new license, additional software feature sets, or major revision upgrades.

  3. To obtain the necessary software updates, visit the Cisco Support and Downloads page on Cisco.com. This page provides information about licensing and downloads and displays your device support coverage if you use the My Devices tool.

  4. You should regularly consult the advisories for Cisco products, which are available on the Cisco Security Advisories page, to determine exposure and a complete upgrade solution. 

  5. Before upgrading, you should also confirm that your device contains sufficient memory and that the new release supports the current hardware and software configurations properly.

  6. If you are uncertain about any aspect of the upgrade process, you should contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers for assistance.

How to Upgrade Cisco IP Phone Firmware 14.2.1?

To upgrade Cisco IP Phone firmware 14.2.1, follow the steps given below: 

Step 1. Determine the Model and Version

1. Press the Applications button on your Cisco IP Phone.2. Navigate to Status using the Navigation cluster button and Select.3. Select Product information from the given options and then press Select.4. Take note of your phone’s product name/model number.

Step 2. Download the Latest Firmware

1. Go to the Downloads page of the Cisco website on your computer.2. Choose Products, then go to the Collaboration Endpoints, then IP Phones, and then IP Phone 3. 8800 Series or IP Phone 7800 Series.4. Select the exact model of your device.5. Click the Session Initiation Protocol (SIP) Software link as the Software Type.
Choose the software you need to download for your product.6. Click
Download.
7. Read the
Cisco End User License Agreement link and click Accept License Agreement.8. Extract the downloaded file and take note of the location where it is extracted.

Step 3. Upgrade the Firmware

1. Determine the IP address of your IP Phone by pressing the Applications button.2. Navigate to Status and press Select.
3. Navigate to
Network status and press Select.4. Look for the IP address and take note of it.5. Launch a browser on your computer and enter the following format in the Address bar: http://<phone_ip>/admin/upgrade?<schema>://<serv_ip[: port]>/filename, then press the Enter key.

Note: Wait for the phone to finish upgrading. The phone may restart a couple of times during the firmware upgrade process. Do not power down the phone while the process is in progress.

Step 4. Verify the Firmware Version

1. Press the Applications button on your IP Phone.2. Navigate to Status and press Select.
3. Navigate to
Product information and press Select.
4. Check the Software version area and verify that the software you downloaded is now on the phone.

Wrapping Up

CVE-2022-20968 is a high-risk software vulnerability that should be addressed immediately. To fix this Vulnerability in Cisco IP Phones, Cisco suggests upgrading the versions. To help you learn how to fix CVE-2022-20968, we have mentioned detailed steps above that you can follow and stay safe. 

We hope this post would help you know know how to fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, Medium & Instagram, and subscribe to receive updates like this. 

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe