Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability By Orbit Brain December 10, 2022 0 272 views Dwelling › VulnerabilitiesCisco Engaged on Patch for Publicly Disclosed IP Cellphone VulnerabilityBy Eduard Kovacs on December 09, 2022TweetCisco knowledgeable prospects on Thursday that it’s engaged on patches for a high-severity vulnerability affecting a few of its IP telephones.The flaw, tracked as CVE-2022-20968, impacts 7800 sequence and 8800 sequence (besides 8821) Cisco IP telephones. There are not any workarounds, however Cisco did present a mitigation that can be utilized till patches are launched by the corporate.CVE-2022-20968 has been described by the networking big as a stack buffer overflow associated to the Discovery Protocol processing function.An unauthenticated, adjoining attacker might exploit the vulnerability by sending specifically crafted Discovery Protocol packets to the focused gadget. Exploitation can result in arbitrary code execution or a denial-of-service (DoS) situation.Cisco IP telephones operating firmware model 14.2 and earlier are impacted. A patch is scheduled for January 2023.The corporate says it’s not conscious of any malicious assaults exploiting the vulnerability, however famous that the flaw has been “publicly mentioned” and a proof-of-concept (PoC) exploit is out there.SecurityWeek couldn’t instantly discover the PoC and public disclosure. Nonetheless, the vulnerability was reported to Cisco by Qian Chen of Codesafe Staff of Legendsec at Chinese language cybersecurity agency Qi’anxin Group and the knowledge may solely be obtainable in Chinese language.Qi’anxin researchers have reported vulnerabilities to a number of main software program and {hardware} distributors over the previous years, together with Oracle, Moxa, HPE, Apple and Google.Associated: Cisco ISE Vulnerabilities Can Be Chained in One-Click on ExploitAssociated: CISA Warns of Assaults Exploiting Cisco, Gigabyte VulnerabilitiesAssociated: Cisco Confirms In-the-Wild Exploitation of Two VPN VulnerabilitiesAssociated: Cisco Customers Knowledgeable of Vulnerabilities in Id Providers EngineGet the Each day Briefing Most LatestMost LearnInterpres Safety Emerges From Stealth Mode With $8.5 Million in FundingHealthcare Organizations Warned of Royal Ransomware AssaultsCisco Engaged on Patch for Publicly Disclosed IP Cellphone VulnerabilityLF Electromagnetic Radiation Used for Stealthy Information Theft From Air-Gapped TechniquesSOHO Exploits Earn Hackers Over $100,000 on Day three of Pwn2Own Toronto 2022Over 4,000 Weak Pulse Join Safe Hosts Uncovered to WebEU Court docket: Google Should Delete Inaccurate Search Information If RequestedEradicating the Limitations to Safety Automation ImplementationApple Scraps CSAM Detection Instrument for iCloud PhotographsVulnerabilities Permit Researcher to Flip Safety Merchandise Into WipersOn the lookout for Malware in All of the Mistaken Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act By means of Cyber Situational ConsciousnessReport Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of FailureTips on how to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingTips on how to Defend In opposition to DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseShare this:FacebookXPrintEmailLinkedInRedditTwitterTumblrPinterestTelegramWhatsApp Cisco code execution CVE-2022-20968 DoS IP phone PoC vulnerability Orbit Brainhttps://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy waysand much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
CISA Warns of Zoho ManageEngine RCE Vulnerability ExploitationIntroducing the Cyber Security News CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation.... September 24, 2022 Cyber Security News
AppSec Startup ArmorCode Raises $14 MillionIntroducing the Cyber Security News AppSec Startup ArmorCode Raises $14 Million.... November 16, 2022 Cyber Security News
Cyber Firm Darktrace Shares Surge on Possible TakeoverIntroducing the Cyber Security News Cyber Firm Darktrace Shares Surge on Possible Takeover.... August 16, 2022 Cyber Security News
BlackByte Ransomware Abuses Legitimate Driver to Disable Security ProtectionsIntroducing the Cyber Security News BlackByte Ransomware Abuses Legitimate Driver to Disable Security Protections.... October 6, 2022 Cyber Security News
Albania Suffers Renewed Cyberattack, Blames IranIntroducing the Cyber Security News Albania Suffers Renewed Cyberattack, Blames Iran.... September 10, 2022 Cyber Security News
Security Researchers Looking at Mastodon as Its Popularity SoarsIntroducing the Cyber Security News Security Researchers Looking at Mastodon as Its Popularity Soars.... November 21, 2022 Cyber Security News
Are Arbitrum Investors Still Selling Off? Analysts Remain Bullish On ARB As Price Surges 5.2%March 21, 2024 64