CVE-2021-1379
Published: Nov 18, 2024
Modified: Nov 18, 2024
CVSS v3.1
6.5
Description
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
| Vendor | Product | Versions |
|---|---|---|
Cisco | Cisco IP Phones with Multiplatform Firmware | affected 11.1.2affected 11.2.1affected 11.2.3affected 11.2.2affected 11.2.3 MSR1-1+15 more versions |
Cisco | Cisco Session Initiation Protocol (SIP) Software | affected 9.0(3)affected 9.0(2)SR2affected 9.0(2)SR1affected 9.2(1)affected 9.4(2)SR1+75 more versions |
Cisco | Cisco Small Business IP Phones | affected 7.4.8affected 7.4.3affected 7.5.5aaffected 7.3.7affected 7.5.2+27 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now