Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device leading to remote code execution and denial of service (DoS) attacks.
The vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets.