cve-2021-1379
Vulnerability from cvelistv5
Published
2024-11-18 15:42
Modified
2024-11-18 16:23
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.
These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco IP Phones with Multiplatform Firmware |
Version: 11.1.2 Version: 11.2.1 Version: 11.2.3 Version: 11.2.2 Version: 11.2.3 MSR1-1 Version: 11.1.2 MSR1-1 Version: 11.1.1 Version: 11.1.2 MSR3-1 Version: 11.0.0 Version: 11.1.1 MSR1-1 Version: 11.0.1 Version: 11.1.1 MSR2-1 Version: 11.2.4 Version: 11.0.1 MSR1-1 Version: 11.0.2 Version: 11.3.1 Version: 11.3.1 MSR1-3 Version: 11.3.2 Version: 11.3.1 MSR2-6 Version: 11.3.1 MSR3-3 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-1379", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T16:22:56.651830Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:23:13.534Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco IP Phones with Multiplatform Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "11.1.2", }, { status: "affected", version: "11.2.1", }, { status: "affected", version: "11.2.3", }, { status: "affected", version: "11.2.2", }, { status: "affected", version: "11.2.3 MSR1-1", }, { status: "affected", version: "11.1.2 MSR1-1", }, { status: "affected", version: "11.1.1", }, { status: "affected", version: "11.1.2 MSR3-1", }, { status: "affected", version: "11.0.0", }, { status: "affected", version: "11.1.1 MSR1-1", }, { status: "affected", version: "11.0.1", }, { status: "affected", version: "11.1.1 MSR2-1", }, { status: "affected", version: "11.2.4", }, { status: "affected", version: "11.0.1 MSR1-1", }, { status: "affected", version: "11.0.2", }, { status: "affected", version: "11.3.1", }, { status: "affected", version: "11.3.1 MSR1-3", }, { status: "affected", version: "11.3.2", }, { status: "affected", version: "11.3.1 MSR2-6", }, { status: "affected", version: "11.3.1 MSR3-3", }, ], }, { defaultStatus: "unknown", product: "Cisco Session Initiation Protocol (SIP) Software", vendor: "Cisco", versions: [ { status: "affected", version: "9.0(3)", }, { status: "affected", version: "9.0(2)SR2", }, { status: "affected", version: "9.0(2)SR1", }, { status: "affected", version: "9.2(1)", }, { status: "affected", version: "9.4(2)SR1", }, { status: "affected", version: "9.4(2)", }, { status: "affected", version: "9.4(2)SR2", }, { status: "affected", version: "9.4(2)SR3", }, { status: "affected", version: "9.3(1)SR2", }, { status: "affected", version: "9.3(1)SR3", }, { status: "affected", version: "9.3(1)SR1", }, { status: "affected", version: "9.1(1)SR1", }, { status: "affected", version: "9.3(1)SR4", }, { status: "affected", version: "9.2(3)", }, { status: "affected", version: "9.2(1)SR2", }, { status: "affected", version: "9.3(1)", }, { status: "affected", version: "9.4(2)SR4", }, { status: "affected", version: "12.1(1)SR1", }, { status: "affected", version: "11.5(1)", }, { status: "affected", version: "10.3(2)", }, { status: "affected", version: "10.2(2)", }, { status: "affected", version: "10.3(1)", }, { status: "affected", version: "10.3(1)SR4", }, { status: "affected", version: "11.0(1)", }, { status: "affected", version: "10.4(1)SR2 3rd Party", }, { status: "affected", version: "11.7(1)", }, { status: "affected", version: "12.1(1)", }, { status: "affected", version: "11.0(0.7) MPP", }, { status: "affected", version: "9.3(4) 3rd Party", }, { status: "affected", version: "12.5(1)SR2", }, { status: "affected", version: "10.2(1)SR1", }, { status: "affected", version: "9.3(4)SR3 3rd Party", }, { status: "affected", version: "10.2(1)", }, { status: "affected", version: "12.5(1)", }, { status: "affected", version: "10.3(1)SR2", }, { status: "affected", version: "11-0-1MSR1-1", }, { status: "affected", version: "10.4(1) 3rd Party", }, { status: "affected", version: "12.5(1)SR1", }, { status: "affected", version: "11.5(1)SR1", }, { status: "affected", version: "10.1(1)SR2", }, { status: "affected", version: "12.0(1)SR2", }, { status: "affected", version: "12.6(1)", }, { status: "affected", version: "10.3(1.11) 3rd Party", }, { status: "affected", version: "12.0(1)", }, { status: "affected", version: "12.0(1)SR1", }, { status: "affected", version: "9.3(3)", }, { status: "affected", version: "12.5(1)SR3", }, { status: "affected", version: "10.3(1)SR4b", }, { status: "affected", version: "9.3(4)SR1 3rd Party", }, { status: "affected", version: "10.3(1)SR5", }, { status: "affected", version: "10.1(1.9)", }, { status: "affected", version: "10.3(1.9) 3rd Party", }, { status: "affected", version: "9.3(4)SR2 3rd Party", }, { status: "affected", version: "10.3(1)SR1", }, { status: "affected", version: "10.3(1)SR3", }, { status: "affected", version: "10.1(1)SR1", }, { status: "affected", version: "12.0(1)SR3", }, { status: "affected", version: "12.6(1)SR1", }, { status: "affected", version: "12.7(1)", }, { status: "affected", version: "10.3(1)SR6", }, { status: "affected", version: "12.8(1)", }, { status: "affected", version: "12.7(1)SR1", }, { status: "affected", version: "11.0(2)SR1", }, { status: "affected", version: "11.0(4)", }, { status: "affected", version: "11.0(2)", }, { status: "affected", version: "11.0(4)SR3", }, { status: "affected", version: "11.0(5)", }, { status: "affected", version: "11.0(3)SR2", }, { status: "affected", version: "11.0(3)SR4", }, { status: "affected", version: "11.0(3)SR3", }, { status: "affected", version: "11.0(2)SR2", }, { status: "affected", version: "11.0(4)SR1", }, { status: "affected", version: "11.0(5)SR3", }, { status: "affected", version: "11.0(3)", }, { status: "affected", version: "11.0(5)SR2", }, { status: "affected", version: "11.0(3)SR6", }, { status: "affected", version: "11.0(5)SR1", }, { status: "affected", version: "11.0(4)SR2", }, { status: "affected", version: "11.0(3)SR1", }, { status: "affected", version: "11.0(3)SR5", }, ], }, { defaultStatus: "unknown", product: "Cisco Small Business IP Phones", vendor: "Cisco", versions: [ { status: "affected", version: "7.4.8", }, { status: "affected", version: "7.4.3", }, { status: "affected", version: "7.5.5a", }, { status: "affected", version: "7.3.7", }, { status: "affected", version: "7.5.2", }, { status: "affected", version: "7.5.1", }, { status: "affected", version: "7.4.6", }, { status: "affected", version: "7.5.7", }, { status: "affected", version: "7.4.4", }, { status: "affected", version: "7.6.2SR3", }, { status: "affected", version: "7.6.2", }, { status: "affected", version: "7.5.6", }, { status: "affected", version: "7.5.6c", }, { status: "affected", version: "7.6.0", }, { status: "affected", version: "7.4.7", }, { status: "affected", version: "7.6.2SR6", }, { status: "affected", version: "7.5.2b", }, { status: "affected", version: "7.5.5", }, { status: "affected", version: "7.5.6a", }, { status: "affected", version: "7.6.2SR2", }, { status: "affected", version: "7.5.3", }, { status: "affected", version: "7.5.2a", }, { status: "affected", version: "7.5.6(XU)", }, { status: "affected", version: "7.5.7s", }, { status: "affected", version: "7.6.2SR4", }, { status: "affected", version: "7.6.2SR1", }, { status: "affected", version: "7.4.9", }, { status: "affected", version: "7.5.5b", }, { status: "affected", version: "7.6.2SR5", }, { status: "affected", version: "7.5.4", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.6.2SR7", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-18T15:42:00.388Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-ipphone-rce-dos-U2PsSkz3", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3", }, { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", }, ], source: { advisory: "cisco-sa-ipphone-rce-dos-U2PsSkz3", defects: [ "CSCvu59351", ], discovery: "EXTERNAL", }, title: "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1379", datePublished: "2024-11-18T15:42:00.388Z", dateReserved: "2020-11-13T00:00:00.000Z", dateUpdated: "2024-11-18T16:23:13.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-1379\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2024-11-18T16:15:09.310\",\"lastModified\":\"2024-11-18T17:11:17.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\\r\\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\"},{\"lang\":\"es\",\"value\":\"Varias vulnerabilidades en las implementaciones de Cisco Discovery Protocol y Link Layer Discovery Protocol (LLDP) para los teléfonos IP de Cisco de las series 68xx/78xx/88xx podrían permitir que un atacante adyacente no autenticado ejecute código de forma remota o provoque una recarga de un teléfono IP afectado. Estas vulnerabilidades se deben a la falta de comprobaciones cuando el teléfono IP procesa un paquete Cisco Discovery Protocol o LLDP. Un atacante podría explotar estas vulnerabilidades enviando un paquete Cisco Discovery Protocol o LLDP malicioso al teléfono IP de destino. Una explotación exitosa podría permitir al atacante ejecutar código en el teléfono IP afectado o hacer que se recargue inesperadamente, lo que resultaría en una condición de denegación de servicio (DoS). Nota: Cisco Discovery Protocol es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de software que solucionan estas vulnerabilidades. No existen workarounds que solucionen estas vulnerabilidades.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\",\"source\":\"ykramarz@cisco.com\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-18T16:22:56.651830Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-18T16:23:00.881Z\"}}], \"cna\": {\"title\": \"Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities\", \"source\": {\"defects\": [\"CSCvu59351\"], \"advisory\": \"cisco-sa-ipphone-rce-dos-U2PsSkz3\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IP Phones with Multiplatform Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1.2\"}, {\"status\": \"affected\", \"version\": \"11.2.1\"}, {\"status\": \"affected\", \"version\": \"11.2.3\"}, {\"status\": \"affected\", \"version\": \"11.2.2\"}, {\"status\": \"affected\", \"version\": \"11.2.3 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.1\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR3-1\"}, {\"status\": \"affected\", \"version\": \"11.0.0\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.0.1\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR2-1\"}, {\"status\": \"affected\", \"version\": \"11.2.4\"}, {\"status\": \"affected\", \"version\": \"11.0.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.0.2\"}, {\"status\": \"affected\", \"version\": \"11.3.1\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR1-3\"}, {\"status\": \"affected\", \"version\": \"11.3.2\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR2-6\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR3-3\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Session Initiation Protocol (SIP) Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0(3)\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SR2\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SR1\"}, {\"status\": \"affected\", \"version\": \"9.2(1)\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR1\"}, {\"status\": \"affected\", \"version\": \"9.4(2)\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR2\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR3\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR2\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR3\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.1(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR4\"}, {\"status\": \"affected\", \"version\": \"9.2(3)\"}, {\"status\": \"affected\", \"version\": \"9.2(1)SR2\"}, {\"status\": \"affected\", \"version\": \"9.3(1)\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR4\"}, {\"status\": \"affected\", \"version\": \"12.1(1)SR1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(2)\"}, {\"status\": \"affected\", \"version\": \"10.2(2)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR4\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"10.4(1)SR2 3rd Party\"}, {\"status\": \"affected\", \"version\": \"11.7(1)\"}, {\"status\": \"affected\", \"version\": \"12.1(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(0.7) MPP\"}, {\"status\": \"affected\", \"version\": \"9.3(4) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SR2\"}, {\"status\": \"affected\", \"version\": \"10.2(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.3(4)SR3 3rd Party\"}, {\"status\": \"affected\", \"version\": \"10.2(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR2\"}, {\"status\": \"affected\", \"version\": \"11-0-1MSR1-1\"}, {\"status\": \"affected\", \"version\": \"10.4(1) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SR1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SR1\"}, {\"status\": \"affected\", \"version\": \"10.1(1)SR2\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SR2\"}, {\"status\": \"affected\", \"version\": \"12.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1.11) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.3(3)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SR3\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR4b\"}, {\"status\": \"affected\", \"version\": \"9.3(4)SR1 3rd Party\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR5\"}, {\"status\": \"affected\", \"version\": \"10.1(1.9)\"}, {\"status\": \"affected\", \"version\": \"10.3(1.9) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"9.3(4)SR2 3rd Party\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR1\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR3\"}, {\"status\": \"affected\", \"version\": \"10.1(1)SR1\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SR3\"}, {\"status\": \"affected\", \"version\": \"12.6(1)SR1\"}, {\"status\": \"affected\", \"version\": \"12.7(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR6\"}, {\"status\": \"affected\", \"version\": \"12.8(1)\"}, {\"status\": \"affected\", \"version\": \"12.7(1)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(2)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(4)\"}, {\"status\": \"affected\", \"version\": \"11.0(2)\"}, {\"status\": \"affected\", \"version\": \"11.0(4)SR3\"}, {\"status\": \"affected\", \"version\": \"11.0(5)\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR4\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR3\"}, {\"status\": \"affected\", \"version\": \"11.0(2)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(4)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(5)SR3\"}, {\"status\": \"affected\", \"version\": \"11.0(3)\"}, {\"status\": \"affected\", \"version\": \"11.0(5)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR6\"}, {\"status\": \"affected\", \"version\": \"11.0(5)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(4)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Small Business IP Phones\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.8\"}, {\"status\": \"affected\", \"version\": \"7.4.3\"}, {\"status\": \"affected\", \"version\": \"7.5.5a\"}, {\"status\": \"affected\", \"version\": \"7.3.7\"}, {\"status\": \"affected\", \"version\": \"7.5.2\"}, {\"status\": \"affected\", \"version\": \"7.5.1\"}, {\"status\": \"affected\", \"version\": \"7.4.6\"}, {\"status\": \"affected\", \"version\": \"7.5.7\"}, {\"status\": \"affected\", \"version\": \"7.4.4\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR3\"}, {\"status\": \"affected\", \"version\": \"7.6.2\"}, {\"status\": \"affected\", \"version\": \"7.5.6\"}, {\"status\": \"affected\", \"version\": \"7.5.6c\"}, {\"status\": \"affected\", \"version\": \"7.6.0\"}, {\"status\": \"affected\", \"version\": \"7.4.7\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR6\"}, {\"status\": \"affected\", \"version\": \"7.5.2b\"}, {\"status\": \"affected\", \"version\": \"7.5.5\"}, {\"status\": \"affected\", \"version\": \"7.5.6a\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR2\"}, {\"status\": \"affected\", \"version\": \"7.5.3\"}, {\"status\": \"affected\", \"version\": \"7.5.2a\"}, {\"status\": \"affected\", \"version\": \"7.5.6(XU)\"}, {\"status\": \"affected\", \"version\": \"7.5.7s\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR4\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR1\"}, {\"status\": \"affected\", \"version\": \"7.4.9\"}, {\"status\": \"affected\", \"version\": \"7.5.5b\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR5\"}, {\"status\": \"affected\", \"version\": \"7.5.4\"}, {\"status\": \"affected\", \"version\": \"7.6.1\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR7\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco\\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3\", \"name\": \"cisco-sa-ipphone-rce-dos-U2PsSkz3\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\\r\\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-120\", \"description\": \"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-11-18T15:42:00.388Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2021-1379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-18T16:23:13.534Z\", \"dateReserved\": \"2020-11-13T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-11-18T15:42:00.388Z\", \"assignerShortName\": \"cisco\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.