CVE-2021-1379 | THREATINT

Description

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

PUBLISHED Reserved 2020-11-13 | Published 2024-11-18 | Updated 2024-11-18 | Assigner cisco

MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status

unknown

11.1.2

affected

11.2.1

affected

11.2.3

affected

11.2.2

affected

11.2.3 MSR1-1

affected

11.1.2 MSR1-1

affected

11.1.1

affected

11.1.2 MSR3-1

affected

11.0.0

affected

11.1.1 MSR1-1

affected

11.0.1

affected

11.1.1 MSR2-1

affected

11.2.4

affected

11.0.1 MSR1-1

affected

11.0.2

affected

11.3.1

affected

11.3.1 MSR1-3

affected

11.3.2

affected

11.3.1 MSR2-6

affected

11.3.1 MSR3-3

affected

Default status

unknown

9.0(3)

affected

9.0(2)SR2

affected

9.0(2)SR1

affected

9.2(1)

affected

9.4(2)SR1

affected

9.4(2)

affected

9.4(2)SR2

affected

9.4(2)SR3

affected

9.3(1)SR2

affected

9.3(1)SR3

affected

9.3(1)SR1

affected

9.1(1)SR1

affected

9.3(1)SR4

affected

9.2(3)

affected

9.2(1)SR2

affected

9.3(1)

affected

9.4(2)SR4

affected

12.1(1)SR1

affected

11.5(1)

affected

10.3(2)

affected

10.2(2)

affected

10.3(1)

affected

10.3(1)SR4

affected

11.0(1)

affected

10.4(1)SR2 3rd Party

affected

11.7(1)

affected

12.1(1)

affected

11.0(0.7) MPP

affected

9.3(4) 3rd Party

affected

12.5(1)SR2

affected

10.2(1)SR1

affected

9.3(4)SR3 3rd Party

affected

10.2(1)

affected

12.5(1)

affected

10.3(1)SR2

affected

11-0-1MSR1-1

affected

10.4(1) 3rd Party

affected

12.5(1)SR1

affected

11.5(1)SR1

affected

10.1(1)SR2

affected

12.0(1)SR2

affected

12.6(1)

affected

10.3(1.11) 3rd Party

affected

12.0(1)

affected

12.0(1)SR1

affected

9.3(3)

affected

12.5(1)SR3

affected

10.3(1)SR4b

affected

9.3(4)SR1 3rd Party

affected

10.3(1)SR5

affected

10.1(1.9)

affected

10.3(1.9) 3rd Party

affected

9.3(4)SR2 3rd Party

affected

10.3(1)SR1

affected

10.3(1)SR3

affected

10.1(1)SR1

affected

12.0(1)SR3

affected

12.6(1)SR1

affected

12.7(1)

affected

10.3(1)SR6

affected

12.8(1)

affected

12.7(1)SR1

affected

11.0(2)SR1

affected

11.0(4)

affected

11.0(2)

affected

11.0(4)SR3

affected

11.0(5)

affected

11.0(3)SR2

affected

11.0(3)SR4

affected

11.0(3)SR3

affected

11.0(2)SR2

affected

11.0(4)SR1

affected

11.0(5)SR3

affected

11.0(3)

affected

11.0(5)SR2

affected

11.0(3)SR6

affected

11.0(5)SR1

affected

11.0(4)SR2

affected

11.0(3)SR1

affected

11.0(3)SR5

affected

Default status

unknown

7.4.8

affected

7.4.3

affected

7.5.5a

affected

7.3.7

affected

7.5.2

affected

7.5.1

affected

7.4.6

affected

7.5.7

affected

7.4.4

affected

7.6.2SR3

affected

7.6.2

affected

7.5.6

affected

7.5.6c

affected

7.6.0

affected

7.4.7

affected

7.6.2SR6

affected

7.5.2b

affected

7.5.5

affected

7.5.6a

affected

7.6.2SR2

affected

7.5.3

affected

7.5.2a

affected

7.5.6(XU)

affected

7.5.7s

affected

7.6.2SR4

affected

7.6.2SR1

affected

7.4.9

affected

7.5.5b

affected

7.6.2SR5

affected

7.5.4

affected

7.6.1

affected

7.6.2SR7

affected

References

sec.cloudapps.cisco.com/...cisco-sa-ipphone-rce-dos-U2PsSkz3 (cisco-sa-ipphone-rce-dos-U2PsSkz3)

sec.cloudapps.cisco.com/...y/cisco-sa-webex-distupd-N87eB6Z3

cve.org (CVE-2021-1379)

nvd.nist.gov (CVE-2021-1379)

Download JSON