CVE-2022-20968

Description from NVD

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

Information Acquisition Date:2022-12-31T16:40Z

CVSS 2.0: 0.0 None CVSS 3.x: 8.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

NVD References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
source:MISC
tags:Vendor Advisory

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag: Cisco(1 tweets)

List of frequently cited URLs

URL	Num of Times Referred to
https://cvetrends.com	50
https://thehackernews.com/2022/12/cisco-warns-of-high-sever...	7
https://www.helpnetsecurity.com/2022/12/12/cve-2022-20968	7
https://tweetedtimes.com/thinksnews?s=tnp	5
https://securityonline.info/cve-2022-20968-cisco-ip-phone-7...	3

Information from Twitter

User	URL	Info Source	Date
fletch_ai	https://bit.ly/3F1IqWW	Source fletch_ai 1632960524668289024	2023/03/07

List of frequently cited URLs

URL	Num of Times Referred to
cvetrends.com	50
thehackernews.com	7
www.helpnetsecurity.com	7
tweetedtimes.com	5
securityonline.info	3

Information from Twitter

User	URL	Info Source
fletch_ai	bit.ly	Show Tweet

GitHub Search Results: Up to 10

Name	URL
Live-Hack-CVE/CVE-2022-20968	https://github.com/Live-Hack-CVE/CVE-2022-20968

GitHub Search Results: Up to 10

Name	URL
Live-Hack-CVE/CVE-2022-20968	github.com

2023/03/07 Score : 0
Added Har-sia Database : 2022/12/09
Last Modified : 2023/03/07
Highest Scored Date : 2022/12/12
Highest Score : 42