Vulnerability-Lookup

BDU:2021-01241

Vulnerability from fstec - Published: 03.03.2021

Title

Уязвимость реализации протоколов Cisco Discovery Protocol и Link Layer Discovery Protocol (LLDP) микропрограммного обеспечения IP-телефонов Cisco, позволяющая нарушителю вызвать перезагрузку устройства и отказ в обслуживании

Description

Уязвимость реализации протоколов Cisco Discovery Protocol и Link Layer Discovery Protocol (LLDP) микропрограммного обеспечения IP-телефонов Cisco связана с ошибками переполнения буфера. Эксплуатация уязвимости может позволить нарушителю вызвать перезагрузку устройства и отказ в обслуживании

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IP Phone 8865 with Multiplatform, Cisco IP Phone 8861 with Multiplatform, Cisco IP Conference Phone 8832 with Multiplatform, IP Conference Phone 7832 with Multiplatform, Cisco IP Phone 6821 with Multiplatform, Cisco IP Phone 6841 with Multiplatform, Cisco IP Phone 6851 with Multiplatform, Cisco IP Phone 6861 with Multiplatform, Cisco IP Phone 6871 with Multiplatform, Cisco IP Phone 7811 with Multiplatform, Cisco IP Phone 7821 with Multiplatform, Cisco IP Phone 7841 with Multiplatform, Cisco IP Phone 7861 with Multiplatform, Cisco IP Phone 8811 with Multiplatform, Cisco IP Phone 8841 with Multiplatform, Cisco IP Phone 8851 with Multiplatform, Cisco IP Phone 8845 with Multiplatform, Cisco IP Phone 8811, Cisco IP Phone 8841, Cisco IP Phone 8851, Cisco IP Phone 8861, Cisco IP Phone 8845, Cisco IP Phone 8865, Cisco IP Conference Phone 7832, Cisco IP Conference Phone 8832, Cisco IP Phone 7811, Cisco IP Phone 7821, Cisco IP Phone 7841, Cisco IP Phone 7861, Cisco Unified IP 8831 Conference Phone, Cisco Wireless IP Phone 8821, Cisco Wireless IP Phone 8821-EX

Software Version

до 11.3(1)SR1 (Cisco IP Phone 8865 with Multiplatform), до 11.3.2 (Cisco IP Phone 8861 with Multiplatform), до 11.3(2) (Cisco IP Conference Phone 8832 with Multiplatform), до 11.3(2) (IP Conference Phone 7832 with Multiplatform), до 11.3(2) (Cisco IP Phone 6821 with Multiplatform), до 11.3(2) (Cisco IP Phone 6841 with Multiplatform), до 11.3(2) (Cisco IP Phone 6851 with Multiplatform), до 11.3(2) (Cisco IP Phone 6861 with Multiplatform), до 11.3(2) (Cisco IP Phone 6871 with Multiplatform), до 11.3(2) (Cisco IP Phone 7811 with Multiplatform), до 11.3(2) (Cisco IP Phone 7821 with Multiplatform), до 11.3(2) (Cisco IP Phone 7841 with Multiplatform), до 11.3(2) (Cisco IP Phone 7861 with Multiplatform), до 11.3(2) (Cisco IP Phone 8811 with Multiplatform), до 11.3(2) (Cisco IP Phone 8841 with Multiplatform), до 11.3(2) (Cisco IP Phone 8851 with Multiplatform), до 11.3(2) (Cisco IP Phone 8845 with Multiplatform), до 12.8(1) (Cisco IP Phone 8811), до 12.8(1) (Cisco IP Phone 8841), до 12.8(1) (Cisco IP Phone 8851), до 12.8(1) (Cisco IP Phone 8861), до 12.8(1) (Cisco IP Phone 8845), до 12.8(1) (Cisco IP Phone 8865), до 12.8(1) (Cisco IP Conference Phone 7832), до 12.8(1) (Cisco IP Conference Phone 8832), до 12.8(1) (Cisco IP Phone 7811), до 12.8(1) (Cisco IP Phone 7821), до 12.8(1) (Cisco IP Phone 7841), до 12.8(1) (Cisco IP Phone 7861), до 10.3(1) (Cisco Unified IP 8831 Conference Phone), до 11.0(6.6) (Cisco Wireless IP Phone 8821), до 11.0(6.6) (Cisco Wireless IP Phone 8821-EX)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3

CWE

CWE-120

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 11.3(1)SR1 (Cisco IP Phone 8865 with Multiplatform), \u0434\u043e 11.3.2 (Cisco IP Phone 8861 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Conference Phone 8832 with Multiplatform), \u0434\u043e 11.3(2) (IP Conference Phone 7832 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 6821 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 6841 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 6851 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 6861 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 6871 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 7811 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 7821 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 7841 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 7861 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 8811 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 8841 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 8851 with Multiplatform), \u0434\u043e 11.3(2) (Cisco IP Phone 8845 with Multiplatform), \u0434\u043e 12.8(1) (Cisco IP Phone 8811), \u0434\u043e 12.8(1) (Cisco IP Phone 8841), \u0434\u043e 12.8(1) (Cisco IP Phone 8851), \u0434\u043e 12.8(1) (Cisco IP Phone 8861), \u0434\u043e 12.8(1) (Cisco IP Phone 8845), \u0434\u043e 12.8(1) (Cisco IP Phone 8865), \u0434\u043e 12.8(1) (Cisco IP Conference Phone 7832), \u0434\u043e 12.8(1) (Cisco IP Conference Phone 8832), \u0434\u043e 12.8(1) (Cisco IP Phone 7811), \u0434\u043e 12.8(1) (Cisco IP Phone 7821), \u0434\u043e 12.8(1) (Cisco IP Phone 7841), \u0434\u043e 12.8(1) (Cisco IP Phone 7861), \u0434\u043e 10.3(1) (Cisco Unified IP 8831 Conference Phone), \u0434\u043e 11.0(6.6) (Cisco Wireless IP Phone 8821), \u0434\u043e 11.0(6.6) (Cisco Wireless IP Phone 8821-EX)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.03.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01241",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-1379",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IP Phone 8865 with Multiplatform, Cisco IP Phone 8861 with Multiplatform, Cisco IP Conference Phone 8832 with Multiplatform, IP Conference Phone 7832 with Multiplatform, Cisco IP Phone 6821 with Multiplatform, Cisco IP Phone 6841 with Multiplatform, Cisco IP Phone 6851 with Multiplatform, Cisco IP Phone 6861 with Multiplatform, Cisco IP Phone 6871 with Multiplatform, Cisco IP Phone 7811 with Multiplatform, Cisco IP Phone 7821 with Multiplatform, Cisco IP Phone 7841 with Multiplatform, Cisco IP Phone 7861 with Multiplatform, Cisco IP Phone 8811 with Multiplatform, Cisco IP Phone 8841 with Multiplatform, Cisco IP Phone 8851 with Multiplatform, Cisco IP Phone 8845 with Multiplatform, Cisco IP Phone 8811, Cisco IP Phone 8841, Cisco IP Phone 8851, Cisco IP Phone 8861, Cisco IP Phone 8845, Cisco IP Phone 8865, Cisco IP Conference Phone 7832, Cisco IP Conference Phone 8832, Cisco IP Phone 7811, Cisco IP Phone 7821, Cisco IP Phone 7841, Cisco IP Phone 7861, Cisco Unified IP 8831 Conference Phone, Cisco Wireless IP Phone 8821, Cisco Wireless IP Phone 8821-EX",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Cisco Discovery Protocol \u0438 Link Layer Discovery Protocol (LLDP) \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 Cisco, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Cisco Discovery Protocol \u0438 Link Layer Discovery Protocol (LLDP) \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 Cisco \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2021-1379 (GCVE-0-2021-1379)

Vulnerability from cvelistv5 – Published: 2024-11-18 15:42 – Updated: 2024-11-18 16:23

Title

Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Summary

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

cisco

References

URL

Tags

	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco IP Phones with Multiplatform Firmware

Affected: 11.1.2
Affected: 11.2.1
Affected: 11.2.3
Affected: 11.2.2
Affected: 11.2.3 MSR1-1
Affected: 11.1.2 MSR1-1
Affected: 11.1.1
Affected: 11.1.2 MSR3-1
Affected: 11.0.0
Affected: 11.1.1 MSR1-1
Affected: 11.0.1
Affected: 11.1.1 MSR2-1
Affected: 11.2.4
Affected: 11.0.1 MSR1-1
Affected: 11.0.2
Affected: 11.3.1
Affected: 11.3.1 MSR1-3
Affected: 11.3.2
Affected: 11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3

	Cisco	Cisco Session Initiation Protocol (SIP) Software	Affected: 9.0(3) Affected: 9.0(2)SR2 Affected: 9.0(2)SR1 Affected: 9.2(1) Affected: 9.4(2)SR1 Affected: 9.4(2) Affected: 9.4(2)SR2 Affected: 9.4(2)SR3 Affected: 9.3(1)SR2 Affected: 9.3(1)SR3 Affected: 9.3(1)SR1 Affected: 9.1(1)SR1 Affected: 9.3(1)SR4 Affected: 9.2(3) Affected: 9.2(1)SR2 Affected: 9.3(1) Affected: 9.4(2)SR4 Affected: 12.1(1)SR1 Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 11.0(2)SR1 Affected: 11.0(4) Affected: 11.0(2) Affected: 11.0(4)SR3 Affected: 11.0(5) Affected: 11.0(3)SR2 Affected: 11.0(3)SR4 Affected: 11.0(3)SR3 Affected: 11.0(2)SR2 Affected: 11.0(4)SR1 Affected: 11.0(5)SR3 Affected: 11.0(3) Affected: 11.0(5)SR2 Affected: 11.0(3)SR6 Affected: 11.0(5)SR1 Affected: 11.0(4)SR2 Affected: 11.0(3)SR1 Affected: 11.0(3)SR5
	Cisco	Cisco Small Business IP Phones	Affected: 7.4.8 Affected: 7.4.3 Affected: 7.5.5a Affected: 7.3.7 Affected: 7.5.2 Affected: 7.5.1 Affected: 7.4.6 Affected: 7.5.7 Affected: 7.4.4 Affected: 7.6.2SR3 Affected: 7.6.2 Affected: 7.5.6 Affected: 7.5.6c Affected: 7.6.0 Affected: 7.4.7 Affected: 7.6.2SR6 Affected: 7.5.2b Affected: 7.5.5 Affected: 7.5.6a Affected: 7.6.2SR2 Affected: 7.5.3 Affected: 7.5.2a Affected: 7.5.6(XU) Affected: 7.5.7s Affected: 7.6.2SR4 Affected: 7.6.2SR1 Affected: 7.4.9 Affected: 7.5.5b Affected: 7.6.2SR5 Affected: 7.5.4 Affected: 7.6.1 Affected: 7.6.2SR7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1379",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T16:22:56.651830Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-18T16:23:13.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IP Phones with Multiplatform Firmware",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.1.2"
            },
            {
              "status": "affected",
              "version": "11.2.1"
            },
            {
              "status": "affected",
              "version": "11.2.3"
            },
            {
              "status": "affected",
              "version": "11.2.2"
            },
            {
              "status": "affected",
              "version": "11.2.3 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.1.2 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.1.1"
            },
            {
              "status": "affected",
              "version": "11.1.2 MSR3-1"
            },
            {
              "status": "affected",
              "version": "11.0.0"
            },
            {
              "status": "affected",
              "version": "11.1.1 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.0.1"
            },
            {
              "status": "affected",
              "version": "11.1.1 MSR2-1"
            },
            {
              "status": "affected",
              "version": "11.2.4"
            },
            {
              "status": "affected",
              "version": "11.0.1 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.0.2"
            },
            {
              "status": "affected",
              "version": "11.3.1"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR1-3"
            },
            {
              "status": "affected",
              "version": "11.3.2"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR2-6"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR3-3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Session Initiation Protocol (SIP) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "9.0(3)"
            },
            {
              "status": "affected",
              "version": "9.0(2)SR2"
            },
            {
              "status": "affected",
              "version": "9.0(2)SR1"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.4(2)SR1"
            },
            {
              "status": "affected",
              "version": "9.4(2)"
            },
            {
              "status": "affected",
              "version": "9.4(2)SR2"
            },
            {
              "status": "affected",
              "version": "9.4(2)SR3"
            },
            {
              "status": "affected",
              "version": "9.3(1)SR2"
            },
            {
              "status": "affected",
              "version": "9.3(1)SR3"
            },
            {
              "status": "affected",
              "version": "9.3(1)SR1"
            },
            {
              "status": "affected",
              "version": "9.1(1)SR1"
            },
            {
              "status": "affected",
              "version": "9.3(1)SR4"
            },
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "9.2(1)SR2"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "9.4(2)SR4"
            },
            {
              "status": "affected",
              "version": "12.1(1)SR1"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR4"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "10.4(1)SR2 3rd Party"
            },
            {
              "status": "affected",
              "version": "11.7(1)"
            },
            {
              "status": "affected",
              "version": "12.1(1)"
            },
            {
              "status": "affected",
              "version": "11.0(0.7) MPP"
            },
            {
              "status": "affected",
              "version": "9.3(4) 3rd Party"
            },
            {
              "status": "affected",
              "version": "12.5(1)SR2"
            },
            {
              "status": "affected",
              "version": "10.2(1)SR1"
            },
            {
              "status": "affected",
              "version": "9.3(4)SR3 3rd Party"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR2"
            },
            {
              "status": "affected",
              "version": "11-0-1MSR1-1"
            },
            {
              "status": "affected",
              "version": "10.4(1) 3rd Party"
            },
            {
              "status": "affected",
              "version": "12.5(1)SR1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SR1"
            },
            {
              "status": "affected",
              "version": "10.1(1)SR2"
            },
            {
              "status": "affected",
              "version": "12.0(1)SR2"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1.11) 3rd Party"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)SR1"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SR3"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR4b"
            },
            {
              "status": "affected",
              "version": "9.3(4)SR1 3rd Party"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR5"
            },
            {
              "status": "affected",
              "version": "10.1(1.9)"
            },
            {
              "status": "affected",
              "version": "10.3(1.9) 3rd Party"
            },
            {
              "status": "affected",
              "version": "9.3(4)SR2 3rd Party"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR1"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR3"
            },
            {
              "status": "affected",
              "version": "10.1(1)SR1"
            },
            {
              "status": "affected",
              "version": "12.0(1)SR3"
            },
            {
              "status": "affected",
              "version": "12.6(1)SR1"
            },
            {
              "status": "affected",
              "version": "12.7(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR6"
            },
            {
              "status": "affected",
              "version": "12.8(1)"
            },
            {
              "status": "affected",
              "version": "12.7(1)SR1"
            },
            {
              "status": "affected",
              "version": "11.0(2)SR1"
            },
            {
              "status": "affected",
              "version": "11.0(4)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "11.0(4)SR3"
            },
            {
              "status": "affected",
              "version": "11.0(5)"
            },
            {
              "status": "affected",
              "version": "11.0(3)SR2"
            },
            {
              "status": "affected",
              "version": "11.0(3)SR4"
            },
            {
              "status": "affected",
              "version": "11.0(3)SR3"
            },
            {
              "status": "affected",
              "version": "11.0(2)SR2"
            },
            {
              "status": "affected",
              "version": "11.0(4)SR1"
            },
            {
              "status": "affected",
              "version": "11.0(5)SR3"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "11.0(5)SR2"
            },
            {
              "status": "affected",
              "version": "11.0(3)SR6"
            },
            {
              "status": "affected",
              "version": "11.0(5)SR1"
            },
            {
              "status": "affected",
              "version": "11.0(4)SR2"
            },
            {
              "status": "affected",
              "version": "11.0(3)SR1"
            },
            {
              "status": "affected",
              "version": "11.0(3)SR5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Small Business IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.8"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.5.5a"
            },
            {
              "status": "affected",
              "version": "7.3.7"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.6"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.4.4"
            },
            {
              "status": "affected",
              "version": "7.6.2SR3"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.6"
            },
            {
              "status": "affected",
              "version": "7.5.6c"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.7"
            },
            {
              "status": "affected",
              "version": "7.6.2SR6"
            },
            {
              "status": "affected",
              "version": "7.5.2b"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.5.6a"
            },
            {
              "status": "affected",
              "version": "7.6.2SR2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.2a"
            },
            {
              "status": "affected",
              "version": "7.5.6(XU)"
            },
            {
              "status": "affected",
              "version": "7.5.7s"
            },
            {
              "status": "affected",
              "version": "7.6.2SR4"
            },
            {
              "status": "affected",
              "version": "7.6.2SR1"
            },
            {
              "status": "affected",
              "version": "7.4.9"
            },
            {
              "status": "affected",
              "version": "7.5.5b"
            },
            {
              "status": "affected",
              "version": "7.6.2SR5"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2SR7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T15:42:00.388Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
        "defects": [
          "CSCvu59351"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1379",
    "datePublished": "2024-11-18T15:42:00.388Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-18T16:23:13.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2021-01241

CVE-2021-1379 (GCVE-0-2021-1379)

Tags

Sightings

Nomenclature