Description
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.
These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Reserved 2020-11-13 | Published 2024-11-18 | Updated 2024-11-18 | Assigner
ciscoMEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X
Product status
Default status
unknown
11.1.2
affected
11.2.1
affected
11.2.3
affected
11.2.2
affected
11.2.3 MSR1-1
affected
11.1.2 MSR1-1
affected
11.1.1
affected
11.1.2 MSR3-1
affected
11.0.0
affected
11.1.1 MSR1-1
affected
11.0.1
affected
11.1.1 MSR2-1
affected
11.2.4
affected
11.0.1 MSR1-1
affected
11.0.2
affected
11.3.1
affected
11.3.1 MSR1-3
affected
11.3.2
affected
11.3.1 MSR2-6
affected
11.3.1 MSR3-3
affected
Default status
unknown
9.0(3)
affected
9.0(2)SR2
affected
9.0(2)SR1
affected
9.2(1)
affected
9.4(2)SR1
affected
9.4(2)
affected
9.4(2)SR2
affected
9.4(2)SR3
affected
9.3(1)SR2
affected
9.3(1)SR3
affected
9.3(1)SR1
affected
9.1(1)SR1
affected
9.3(1)SR4
affected
9.2(3)
affected
9.2(1)SR2
affected
9.3(1)
affected
9.4(2)SR4
affected
12.1(1)SR1
affected
11.5(1)
affected
10.3(2)
affected
10.2(2)
affected
10.3(1)
affected
10.3(1)SR4
affected
11.0(1)
affected
10.4(1)SR2 3rd Party
affected
11.7(1)
affected
12.1(1)
affected
11.0(0.7) MPP
affected
9.3(4) 3rd Party
affected
12.5(1)SR2
affected
10.2(1)SR1
affected
9.3(4)SR3 3rd Party
affected
10.2(1)
affected
12.5(1)
affected
10.3(1)SR2
affected
11-0-1MSR1-1
affected
10.4(1) 3rd Party
affected
12.5(1)SR1
affected
11.5(1)SR1
affected
10.1(1)SR2
affected
12.0(1)SR2
affected
12.6(1)
affected
10.3(1.11) 3rd Party
affected
12.0(1)
affected
12.0(1)SR1
affected
9.3(3)
affected
12.5(1)SR3
affected
10.3(1)SR4b
affected
9.3(4)SR1 3rd Party
affected
10.3(1)SR5
affected
10.1(1.9)
affected
10.3(1.9) 3rd Party
affected
9.3(4)SR2 3rd Party
affected
10.3(1)SR1
affected
10.3(1)SR3
affected
10.1(1)SR1
affected
12.0(1)SR3
affected
12.6(1)SR1
affected
12.7(1)
affected
10.3(1)SR6
affected
12.8(1)
affected
12.7(1)SR1
affected
11.0(2)SR1
affected
11.0(4)
affected
11.0(2)
affected
11.0(4)SR3
affected
11.0(5)
affected
11.0(3)SR2
affected
11.0(3)SR4
affected
11.0(3)SR3
affected
11.0(2)SR2
affected
11.0(4)SR1
affected
11.0(5)SR3
affected
11.0(3)
affected
11.0(5)SR2
affected
11.0(3)SR6
affected
11.0(5)SR1
affected
11.0(4)SR2
affected
11.0(3)SR1
affected
11.0(3)SR5
affected
Default status
unknown
7.4.8
affected
7.4.3
affected
7.5.5a
affected
7.3.7
affected
7.5.2
affected
7.5.1
affected
7.4.6
affected
7.5.7
affected
7.4.4
affected
7.6.2SR3
affected
7.6.2
affected
7.5.6
affected
7.5.6c
affected
7.6.0
affected
7.4.7
affected
7.6.2SR6
affected
7.5.2b
affected
7.5.5
affected
7.5.6a
affected
7.6.2SR2
affected
7.5.3
affected
7.5.2a
affected
7.5.6(XU)
affected
7.5.7s
affected
7.6.2SR4
affected
7.6.2SR1
affected
7.4.9
affected
7.5.5b
affected
7.6.2SR5
affected
7.5.4
affected
7.6.1
affected
7.6.2SR7
affected
References
sec.cloudapps.cisco.com/...scoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3 (cisco-sa-ipphone-rce-dos-U2PsSkz3)
sec.cloudapps.cisco.com/...CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3
cve.org (CVE-2021-1379)
nvd.nist.gov (CVE-2021-1379)
Download JSON
Subscribe to our newsletter to learn more about our work.