PT-2023-1278 · Cisco · Cisco Webex Room Phone+1

Qian Chen · Published 2023-01-11 · Updated 2024-01-25 · CVE-2023-20047

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Webex Room Phone (affected versions not specified)
Cisco Webex Share (affected versions not specified)

Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient resource allocation and errors in memory deallocation. An attacker could exploit this by sending crafted LLDP traffic to an affected device, potentially exhausting the memory resources and causing the LLDP process to crash. If the device is configured to support LLDP only, this could interrupt inbound and outbound calling. By default, these devices support both Cisco Discovery Protocol and LLDP.

Recommendations

For Cisco Webex Room Phone, a manual restart of the device is required to recover its operational state after a successful exploit. For Cisco Webex Share, as a temporary workaround, consider disabling the LLDP feature until a fix is available. Restrict access to LLDP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Allocation of Resources Without Limits

Resource Exhaustion

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2023-00546
CVE-2023-20047

Affected Products

Cisco Webex Room Phone
Cisco Webex Share