While a security update to address CVE-2022-20968 is not yet available, Cisco provides mitigation advice for administrators who want to secure vulnerable devices in their environment from potential attacks. This requires disabling the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery. “Devices will then use LLDP for the discovery of configuration data such as voice VLAN, power negotiation, and so on,” Cisco explained in a security advisory published Thursday. “This is not a trivial change and will require diligence on behalf of the enterprise to evaluate any potential impact to devices as well as the best approach to deploy this change in their enterprise.” Admins who want to deploy this mitigation are advised to test its effectiveness and applicability for their environment. Cisco warned that “customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.”
https://www.bleepingcomputer.com/news/security/cisco-discloses-high-severity-ip-phone-bug-with-exploit-code/
