Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability
Description
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco IP Phone Cisco Discovery Protocol implementation allows unauthenticated, adjacent attacker to achieve remote code execution as root or cause a denial of service.
Vulnerability
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for various Cisco IP Phone models, including the 6800, 7800, and 8800 series with Multiplatform Firmware ([1]), allows an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a device reload. The issue stems from missing input validation checks when processing crafted CDP messages. Cisco Discovery Protocol is a Layer 2 protocol, so the attacker must be in the same broadcast domain as the affected device.
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted Cisco Discovery Protocol packet to a targeted IP phone. The attacker needs network adjacency (Layer 2 access) but no authentication. No user interaction is required. The crafted CDP message triggers the vulnerability when processed by the device's Cisco Discovery Protocol implementation.
Impact
Successful exploitation allows the attacker to remotely execute arbitrary code with root privileges, gaining full control over the affected IP phone. Alternatively, an attacker could cause a reload of the device, resulting in a denial of service (DoS) condition [1]. Both outcomes result in a complete compromise of the device's CIA triad.
Mitigation
Cisco released software updates to address this vulnerability, as outlined in the security advisory [1]. There are no workarounds. Affected users should upgrade their Cisco IP Phone firmware to the fixed versions specified by Cisco. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the advisory date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dosmitrevendor-advisoryx_refsource_CISCO
- packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.