CVE-2021-1379

Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.
These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Varias vulnerabilidades en las implementaciones de Cisco Discovery Protocol y Link Layer Discovery Protocol (LLDP) para los teléfonos IP de Cisco de las series 68xx/78xx/88xx podrían permitir que un atacante adyacente no autenticado ejecute código de forma remota o provoque una recarga de un teléfono IP afectado. Estas vulnerabilidades se deben a la falta de comprobaciones cuando el teléfono IP procesa un paquete Cisco Discovery Protocol o LLDP. Un atacante podría explotar estas vulnerabilidades enviando un paquete Cisco Discovery Protocol o LLDP malicioso al teléfono IP de destino. Una explotación exitosa podría permitir al atacante ejecutar código en el teléfono IP afectado o hacer que se recargue inesperadamente, lo que resultaría en una condición de denegación de servicio (DoS). Nota: Cisco Discovery Protocol es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de software que solucionan estas vulnerabilidades. No existen workarounds que solucionen estas vulnerabilidades.

*Credits: N/A

CVSS Scores

Ciscov3.1 6.5

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2020-11-13 CVE Reserved
2024-11-18 CVE Published
2024-11-18 CVE Updated
2024-11-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (2)

URL	Tag	Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.1.2 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.1.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.2.1 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.2.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.2.3 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.2.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.2.2 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.2.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.1.1 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.1.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.0.0 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.0.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.0.1 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.0.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.2.4 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.2.4"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.0.2 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.0.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.3.1 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.3.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco IP Phones With Multiplatform Firmware Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware"				11.3.2 Search vendor "Cisco" for product "Cisco IP Phones With Multiplatform Firmware" and version "11.3.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				9.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "9.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				9.2 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "9.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				9.4 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "9.4"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				9.2 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "9.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				9.3 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "9.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.5 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.5"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				10.3 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "10.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				10.2 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "10.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				10.3 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "10.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.7 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.7"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				12.1 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "12.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				10.2 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "10.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				12.5 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "12.5"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				12.6 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "12.6"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				12.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "12.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				9.3 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "9.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				10.1 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "10.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				12.7 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "12.7"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				12.8 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "12.8"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Session Initiation Protocol (SIP) Software Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software"				11.0 Search vendor "Cisco" for product "Cisco Session Initiation Protocol (SIP) Software" and version "11.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.4.8 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.4.8"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.4.3 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.4.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.5 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.5"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.3.7 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.3.7"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.2 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.1 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.1"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.4.6 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.4.6"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.7 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.7"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.4.4 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.4.4"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.6.2 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.6.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.6 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.6"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.6 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.6"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.6.0 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.6.0"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.4.7 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.4.7"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.2 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.5 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.5"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.6 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.6"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.3 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.3"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.2 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.2"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.6 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.6"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.7 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.7"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.4.9 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.4.9"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.5 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.5"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.5.4 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.5.4"		en		Affected
Cisco Search vendor "Cisco"		Cisco Small Business IP Phones Search vendor "Cisco" for product "Cisco Small Business IP Phones"				7.6.1 Search vendor "Cisco" for product "Cisco Small Business IP Phones" and version "7.6.1"		en		Affected