Description

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

INFO

Published Date :

2024-11-18T15:42:00.388Z

Last Modified :

2024-11-18T16:23:13.534Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2021-1379 vulnerability.

Vendors Products
Cisco
  • Ip Conference Phone 7832
  • Ip Conference Phone 7832 Firmware
  • Ip Conference Phone 7832 With Multiplatform Firmware
  • Ip Conference Phone 8832
  • Ip Conference Phone 8832 Firmware
  • Ip Conference Phone 8832 With Multiplatform Firmware
  • Ip Phone 6821
  • Ip Phone 6821 With Multiplatform Firmware
  • Ip Phone 6841
  • Ip Phone 6841 With Multiplatform Firmware
  • Ip Phone 6851
  • Ip Phone 6851 With Multiplatform Firmware
  • Ip Phone 6861
  • Ip Phone 6861 With Multiplatform Firmware
  • Ip Phone 6871
  • Ip Phone 6871 With Multiplatform Firmware
  • Ip Phone 7811
  • Ip Phone 7811 Firmware
  • Ip Phone 7811 With Multiplatform Firmware
  • Ip Phone 7821
  • Ip Phone 7821 Firmware
  • Ip Phone 7821 With Multiplatform Firmware
  • Ip Phone 7841
  • Ip Phone 7841 Firmware
  • Ip Phone 7841 With Multiplatform Firmware
  • Ip Phone 7861
  • Ip Phone 7861 Firmware
  • Ip Phone 7861 With Multiplatform Firmware
  • Ip Phone 8811
  • Ip Phone 8811 Firmware
  • Ip Phone 8811 With Multiplatform Firmware
  • Ip Phone 8841
  • Ip Phone 8841 Firmware
  • Ip Phone 8841 With Multiplatform Firmware
  • Ip Phone 8845
  • Ip Phone 8845 Firmware
  • Ip Phone 8845 With Multiplatform Firmware
  • Ip Phone 8851
  • Ip Phone 8851 Firmware
  • Ip Phone 8851 With Multiplatform Firmware
  • Ip Phone 8861
  • Ip Phone 8861 Firmware
  • Ip Phone 8861 With Multiplatform Firmware
  • Ip Phone 8865
  • Ip Phone 8865 Firmware
  • Ip Phone 8865 With Multiplatform Firmware
  • Spa525g
  • Spa525g Firmware
  • Unified Ip Conference Phone 8831
  • Unified Ip Conference Phone 8831 Firmware
  • Unified Ip Conference Phone 8831 For Third-party Call Control Firmware
  • Wireless Ip Phone 8821
  • Wireless Ip Phone 8821-ex
  • Wireless Ip Phone 8821-ex Firmware
  • Wireless Ip Phone 8821 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-1379.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3 cve-icon cve-icon
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact