A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent malicious user to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the malicious user to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ip_conference_phone_7832_firmware |
||
cisco ip_conference_phone_7832_with_multiplatform_firmware |
||
cisco ip_conference_phone_8832_firmware |
||
cisco ip_conference_phone_8832_with_multiplatform_firmware |
||
cisco ip_phone_6821_firmware |
||
cisco ip_phone_6841_firmware |
||
cisco ip_phone_6851_firmware |
||
cisco ip_phone_6861_firmware |
||
cisco ip_phone_6871_firmware |
||
cisco ip_phone_7811_firmware |
||
cisco ip_phone_7811_with_multiplatform_firmware |
||
cisco ip_phone_7821_firmware |
||
cisco ip_phone_7821_with_multiplatform_firmware |
||
cisco ip_phone_7841_firmware |
||
cisco ip_phone_7841_with_multiplatform_firmware |
||
cisco ip_phone_7861_firmware |
||
cisco ip_phone_7861_with_multiplatform_firmware |
||
cisco ip_phone_8811_firmware |
||
cisco ip_phone_8811_with_multiplatform_firmware |
||
cisco ip_phone_8841_firmware |
||
cisco ip_phone_8841_with_multiplatform_firmware |
||
cisco ip_phone_8851_firmware |
||
cisco ip_phone_8851_with_multiplatform_firmware |
||
cisco ip_phone_8861_firmware |
||
cisco ip_phone_8861_with_multiplatform_firmware |
||
cisco ip_phone_8845_firmware |
||
cisco ip_phone_8845_with_multiplatform_firmware |
||
cisco ip_phone_8865_firmware |
||
cisco ip_phone_8865_with_multiplatform_firmware |
||
cisco unified_ip_conference_phone_8831_firmware |
||
cisco unified_ip_conference_phone_8831_for_third-party_call_control_firmware - |
||
cisco wireless_ip_phone_8821_firmware |
||
cisco wireless_ip_phone_8821-ex_firmware |
Critical fix for static login headlines latest patch rollout
Cisco has released fixes to address 17 vulnerabilities across its networking and unified communications lines.
The bundle includes one fix for a critical issue and six patches for bugs deemed high-risk vulnerabilities. They include remote access and code execution, elevation of privilege, denial of service, and cross-site request forgeries.
The lone critical bulletin is for CVE-2020-3158, a bug caused by the presence of a high-privilege account with a static password present in the C...
Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol (CDP), the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment.
Researchers say that the vulnerabilities, which they collectively call CDPwn, can allow attackers to remotely take over millions of devices. The flaws specifically exist in the parsing of CDP packets, in the protocol implementation for various Cisco products, from its s...
Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol (CDP), the info-sharing layer that maps all Cisco equipment on a network.
Researchers at Armis say that the vulnerabilities, which they disclosed on Wednesday and collectively dubbed CDPwn, can allow attackers with an existing foothold in the network to break through network segmentation efforts and remotely take over millions of devices.
CDP is a Cisco proprietary Layer 2...