CVE-2022-20968

Name: CVE-2022-20968
Creator: NVD / NIST
Published: 2022-12-12T09:15:12.613+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 6.35%

Last modified Jun 17, 2026

CVE-2022-20968 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. EPSS estimates a 6.35% chance of exploitation in the next 30 days.

Description

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

6.35%

92.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Ip Phone 7811 Firmware	9.3\(3\)
Cisco	Ip Phone 7811 Firmware	9.3\(4\)
Cisco	Ip Phone 7811 Firmware	9.3\(4\)sr1
Cisco	Ip Phone 7811 Firmware	9.3\(4\)sr2
Cisco	Ip Phone 7811 Firmware	9.3\(4\)sr3
Cisco	Ip Phone 7811 Firmware	10.1\(1\)sr1
Cisco	Ip Phone 7811 Firmware	10.1\(1\)sr2
Cisco	Ip Phone 7811 Firmware	10.1\(1.9\)
Cisco	Ip Phone 7811 Firmware	10.2\(1\)
Cisco	Ip Phone 7811 Firmware	10.2\(1\)sr1
Cisco	Ip Phone 7811 Firmware	10.2\(2\)
Cisco	Ip Phone 7811 Firmware	10.3\(1\)
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr1
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr2
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr3
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr4
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr4b
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr5
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr6
Cisco	Ip Phone 7811 Firmware	10.3\(1\)sr7
Cisco	Ip Phone 7811 Firmware	10.3\(1.9\)
Cisco	Ip Phone 7811 Firmware	10.3\(1.11\)
Cisco	Ip Phone 7811 Firmware	10.3\(2\)
Cisco	Ip Phone 7811 Firmware	10.4\(1\)
Cisco	Ip Phone 7811 Firmware	10.4\(1\)sr2
Cisco	Ip Phone 7811 Firmware	11-0-1msr1-1
Cisco	Ip Phone 7811 Firmware	11.0\(0.7\)
Cisco	Ip Phone 7811 Firmware	11.0\(1\)
Cisco	Ip Phone 7811 Firmware	11.5\(1\)
Cisco	Ip Phone 7811 Firmware	11.5\(1\)sr1
Cisco	Ip Phone 7811 Firmware	11.7\(1\)
Cisco	Ip Phone 7811 Firmware	12.0\(1\)
Cisco	Ip Phone 7811 Firmware	12.0\(1\)sr1
Cisco	Ip Phone 7811 Firmware	12.0\(1\)sr2
Cisco	Ip Phone 7811 Firmware	12.0\(1\)sr3
Cisco	Ip Phone 7811 Firmware	12.1\(1\)
Cisco	Ip Phone 7811 Firmware	12.1\(1\)sr1
Cisco	Ip Phone 7811 Firmware	12.5\(1\)
Cisco	Ip Phone 7811 Firmware	12.5\(1\)sr1
Cisco	Ip Phone 7811 Firmware	12.5\(1\)sr2
Cisco	Ip Phone 7811 Firmware	12.5\(1\)sr3
Cisco	Ip Phone 7811 Firmware	12.6\(1\)
Cisco	Ip Phone 7811 Firmware	12.6\(1\)sr1
Cisco	Ip Phone 7811 Firmware	12.7\(1\)
Cisco	Ip Phone 7811 Firmware	12.7\(1\)sr1
Cisco	Ip Phone 7811 Firmware	12.8\(1\)
Cisco	Ip Phone 7811 Firmware	12.8\(1\)sr1
Cisco	Ip Phone 7811 Firmware	12.8\(1\)sr2
Cisco	Ip Phone 7811 Firmware	14.0\(1\)
Cisco	Ip Phone 7811 Firmware	14.0\(1\)sr1

Showing 50 of 702 affected configurations. See NVD for the full list.

References

Timeline

Published: Dec 12, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-20968?

How severe is CVE-2022-20968?

CVE-2022-20968 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 6.35% probability of exploitation in the next 30 days.

How do I fix CVE-2022-20968?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-20968?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST