PUBLISHED

CVE-2021-1379

Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities



Description

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.

Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Reserved 2020-11-13 | Published 2024-11-18 | Updated 2024-11-18 | Assigner cisco


MEDIUM: 6.5 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unknown

11.1.2
affected

11.2.1
affected

11.2.3
affected

11.2.2
affected

11.2.3 MSR1-1
affected

11.1.2 MSR1-1
affected

11.1.1
affected

11.1.2 MSR3-1
affected

11.0.0
affected

11.1.1 MSR1-1
affected

11.0.1
affected

11.1.1 MSR2-1
affected

11.2.4
affected

11.0.1 MSR1-1
affected

11.0.2
affected

11.3.1
affected

11.3.1 MSR1-3
affected

11.3.2
affected

11.3.1 MSR2-6
affected

11.3.1 MSR3-3
affected

Default status
unknown

9.0(3)
affected

9.0(2)SR2
affected

9.0(2)SR1
affected

9.2(1)
affected

9.4(2)SR1
affected

9.4(2)
affected

9.4(2)SR2
affected

9.4(2)SR3
affected

9.3(1)SR2
affected

9.3(1)SR3
affected

9.3(1)SR1
affected

9.1(1)SR1
affected

9.3(1)SR4
affected

9.2(3)
affected

9.2(1)SR2
affected

9.3(1)
affected

9.4(2)SR4
affected

12.1(1)SR1
affected

11.5(1)
affected

10.3(2)
affected

10.2(2)
affected

10.3(1)
affected

10.3(1)SR4
affected

11.0(1)
affected

10.4(1)SR2 3rd Party
affected

11.7(1)
affected

12.1(1)
affected

11.0(0.7) MPP
affected

9.3(4) 3rd Party
affected

12.5(1)SR2
affected

10.2(1)SR1
affected

9.3(4)SR3 3rd Party
affected

10.2(1)
affected

12.5(1)
affected

10.3(1)SR2
affected

11-0-1MSR1-1
affected

10.4(1) 3rd Party
affected

12.5(1)SR1
affected

11.5(1)SR1
affected

10.1(1)SR2
affected

12.0(1)SR2
affected

12.6(1)
affected

10.3(1.11) 3rd Party
affected

12.0(1)
affected

12.0(1)SR1
affected

9.3(3)
affected

12.5(1)SR3
affected

10.3(1)SR4b
affected

9.3(4)SR1 3rd Party
affected

10.3(1)SR5
affected

10.1(1.9)
affected

10.3(1.9) 3rd Party
affected

9.3(4)SR2 3rd Party
affected

10.3(1)SR1
affected

10.3(1)SR3
affected

10.1(1)SR1
affected

12.0(1)SR3
affected

12.6(1)SR1
affected

12.7(1)
affected

10.3(1)SR6
affected

12.8(1)
affected

12.7(1)SR1
affected

11.0(2)SR1
affected

11.0(4)
affected

11.0(2)
affected

11.0(4)SR3
affected

11.0(5)
affected

11.0(3)SR2
affected

11.0(3)SR4
affected

11.0(3)SR3
affected

11.0(2)SR2
affected

11.0(4)SR1
affected

11.0(5)SR3
affected

11.0(3)
affected

11.0(5)SR2
affected

11.0(3)SR6
affected

11.0(5)SR1
affected

11.0(4)SR2
affected

11.0(3)SR1
affected

11.0(3)SR5
affected

Default status
unknown

7.4.8
affected

7.4.3
affected

7.5.5a
affected

7.3.7
affected

7.5.2
affected

7.5.1
affected

7.4.6
affected

7.5.7
affected

7.4.4
affected

7.6.2SR3
affected

7.6.2
affected

7.5.6
affected

7.5.6c
affected

7.6.0
affected

7.4.7
affected

7.6.2SR6
affected

7.5.2b
affected

7.5.5
affected

7.5.6a
affected

7.6.2SR2
affected

7.5.3
affected

7.5.2a
affected

7.5.6(XU)
affected

7.5.7s
affected

7.6.2SR4
affected

7.6.2SR1
affected

7.4.9
affected

7.5.5b
affected

7.6.2SR5
affected

7.5.4
affected

7.6.1
affected

7.6.2SR7
affected

References

sec.cloudapps.cisco.com/...cisco-sa-ipphone-rce-dos-U2PsSkz3 (cisco-sa-ipphone-rce-dos-U2PsSkz3)

sec.cloudapps.cisco.com/...y/cisco-sa-webex-distupd-N87eB6Z3

cve.org (CVE-2021-1379)

nvd.nist.gov (CVE-2021-1379)
