{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-20968","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","requesterUserId":"4087f8c1-b21c-479b-99df-de23cb76b743","dateReserved":"2021-11-02T13:28:29.197Z","datePublished":"2022-12-08T16:13:11.258Z","dateUpdated":"2024-08-03T02:31:58.569Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-01-25T16:57:28.167Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device."}],"affected":[{"vendor":"Cisco","product":"Cisco Session Initiation Protocol (SIP) Software","versions":[{"version":"9.3(4) 3rd Party","status":"affected"},{"version":"9.3(4)SR3 3rd Party","status":"affected"},{"version":"9.3(4)SR1 3rd Party","status":"affected"},{"version":"9.3(4)SR2 3rd Party","status":"affected"},{"version":"11.5(1)","status":"affected"},{"version":"11.7(1)","status":"affected"},{"version":"11.0(0.7) MPP","status":"affected"},{"version":"11.0(1) MPP","status":"affected"},{"version":"11.0(1)","status":"affected"},{"version":"11.5(1)SR1","status":"affected"},{"version":"11-0-1MSR1-1","status":"affected"},{"version":"10.4(1) 3rd Party","status":"affected"},{"version":"10.3(1.11) 3rd Party","status":"affected"},{"version":"10.2(2)","status":"affected"},{"version":"10.2(1)SR1","status":"affected"},{"version":"10.1(1.9)","status":"affected"},{"version":"10.1(1)SR2","status":"affected"},{"version":"10.2(1)","status":"affected"},{"version":"10.1(1)SR1","status":"affected"},{"version":"10.4(1)SR2 3rd Party","status":"affected"},{"version":"10.3(1)","status":"affected"},{"version":"10.3(1)SR4b","status":"affected"},{"version":"10.3(1)SR5","status":"affected"},{"version":"10.3(1.9) 3rd Party","status":"affected"},{"version":"10.3(2)","status":"affected"},{"version":"10.3(1)SR4","status":"affected"},{"version":"10.3(1)SR2","status":"affected"},{"version":"10.3(1)SR3","status":"affected"},{"version":"10.3(1)SR1","status":"affected"},{"version":"12.6(1)","status":"affected"},{"version":"12.1(1)","status":"affected"},{"version":"12.5(1)SR1","status":"affected"},{"version":"12.5(1)SR2","status":"affected"},{"version":"12.5(1)","status":"affected"},{"version":"12.5(1)SR3","status":"affected"},{"version":"12.6(1)SR1","status":"affected"},{"version":"12.7(1)","status":"affected"},{"version":"12.1(1)SR1","status":"affected"},{"version":"12.0(1)","status":"affected"},{"version":"12.0(1)SR2","status":"affected"},{"version":"12.0(1)SR1","status":"affected"},{"version":"12.0(1)SR3","status":"affected"},{"version":"12.8(1)","status":"affected"},{"version":"12.8(1)SR1","status":"affected"},{"version":"12.8(1)SR2","status":"affected"},{"version":"10.3(1)SR6","status":"affected"},{"version":"10.3(1)SR7","status":"affected"},{"version":"12.7(1)SR1","status":"affected"},{"version":"14.0(1)SR1","status":"affected"},{"version":"14.0(1)","status":"affected"},{"version":"14.0(1)SR2","status":"affected"},{"version":"14.0(1)SR3","status":"affected"},{"version":"14.1(1)","status":"affected"},{"version":"14.1(1)SR1","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Out-of-bounds Write","type":"cwe","cweId":"CWE-787"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U","name":"cisco-sa-ipp-oobwrite-8cMF5r7U"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory and that this vulnerability has been publicly discussed.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-ipp-oobwrite-8cMF5r7U","discovery":"EXTERNAL","defects":["CSCwb28354"]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T02:31:58.569Z"},"title":"CVE Program Container","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U","name":"cisco-sa-ipp-oobwrite-8cMF5r7U","tags":["x_transferred"]}]}]}}