Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

N/A

输入验证不恰当

Cisco IP Phone Cisco Discovery Protocol 输入验证错误漏洞

Cisco IP Phone中的Cisco Discovery Protocol实现存在输入验证错误漏洞，该漏洞程序在处理Cisco Discovery Protocol消息时，缺少检查。攻击者可通过发送恶意的Cisco Discovery Protocol数据包利用该漏洞以root权限执行代码或造成拒绝服务。

N/A

N/A