Today a collection of five vulnerabilities affecting Cisco phones and switches has been published. These vulnerabilities, identified collectively as CDPwn by Armis, the security firm that discovered them present a significant risk in many enterprise environments. For most enterprise customers, the vulnerabilities affecting phones (CVE-2020-3111) and switches running NX-OS (CVE-2020-3119 and CVE-2020-3120) are the principal areas of concern.
The most positive element of these issues is that they will not allow an external party to enter an environment remotely. They can permit an attacker with a foothold to traverse the network or attack significant portions of it.
We will be working with our managed service customers to plan the upgrades required to address these issues in their UC environments. If you need help staying on top of security updates in your organization please contact the Stack8 Team