Cisco IP Phones and CDP Vulnerability

On February 5, 2020, Cisco released a list of products impacted by a CDP vulnerability. As per Cisco: “the vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone.” This post is specifically focused on patching the vulnerability on Cisco IP phones, but other Cisco products are also impacted.

The following phones are impacted by this vulnerability (note that both Enterprise and MPP firmware are impacted):

Conference Phones:

  • 7800 Series: 7832
  • 8800 Series: 8831, 8832

Desk Phones:

  • 6800 Series: 6821, 6841, 6851, 6861, 6871
  • 7800 Series: 7811, 7821, 7841, 7861
  • 8800 Series: 8811, 8841, 8851, 8861, 8845, 8865

Wi-Fi Phones:

  • 8821, 8821-EX

The fix is to update your IP phones to new firmware. New firmware addressing this vulnerability has been released for all of the phones listed above except the 8831, whose firmware is expected to be released in March 2020. Depending on which firmware release you are running today, you may see some user interface changes after the update. SMP can also address any UI changes and help create a communication plan, training plan, or other relevant content through our Client Experience (CX) team.

For more information or if you’d like assistance completing this patch, please reach out to your SMP Account Manager.

Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos