CVE-2021-1379 (GCVE-0-2021-1379)
Vulnerability from cvelistv5
Published
2024-11-18 15:42
Modified
2024-11-18 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.
These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco IP Phones with Multiplatform Firmware |
Version: 11.1.2 Version: 11.2.1 Version: 11.2.3 Version: 11.2.2 Version: 11.2.3 MSR1-1 Version: 11.1.2 MSR1-1 Version: 11.1.1 Version: 11.1.2 MSR3-1 Version: 11.0.0 Version: 11.1.1 MSR1-1 Version: 11.0.1 Version: 11.1.1 MSR2-1 Version: 11.2.4 Version: 11.0.1 MSR1-1 Version: 11.0.2 Version: 11.3.1 Version: 11.3.1 MSR1-3 Version: 11.3.2 Version: 11.3.1 MSR2-6 Version: 11.3.1 MSR3-3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T16:22:56.651830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:23:13.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.0(3)"
},
{
"status": "affected",
"version": "9.0(2)SR2"
},
{
"status": "affected",
"version": "9.0(2)SR1"
},
{
"status": "affected",
"version": "9.2(1)"
},
{
"status": "affected",
"version": "9.4(2)SR1"
},
{
"status": "affected",
"version": "9.4(2)"
},
{
"status": "affected",
"version": "9.4(2)SR2"
},
{
"status": "affected",
"version": "9.4(2)SR3"
},
{
"status": "affected",
"version": "9.3(1)SR2"
},
{
"status": "affected",
"version": "9.3(1)SR3"
},
{
"status": "affected",
"version": "9.3(1)SR1"
},
{
"status": "affected",
"version": "9.1(1)SR1"
},
{
"status": "affected",
"version": "9.3(1)SR4"
},
{
"status": "affected",
"version": "9.2(3)"
},
{
"status": "affected",
"version": "9.2(1)SR2"
},
{
"status": "affected",
"version": "9.3(1)"
},
{
"status": "affected",
"version": "9.4(2)SR4"
},
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "11.0(2)SR1"
},
{
"status": "affected",
"version": "11.0(4)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.0(4)SR3"
},
{
"status": "affected",
"version": "11.0(5)"
},
{
"status": "affected",
"version": "11.0(3)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR4"
},
{
"status": "affected",
"version": "11.0(3)SR3"
},
{
"status": "affected",
"version": "11.0(2)SR2"
},
{
"status": "affected",
"version": "11.0(4)SR1"
},
{
"status": "affected",
"version": "11.0(5)SR3"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "11.0(5)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR6"
},
{
"status": "affected",
"version": "11.0(5)SR1"
},
{
"status": "affected",
"version": "11.0(4)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR1"
},
{
"status": "affected",
"version": "11.0(3)SR5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Small Business IP Phones",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.4.8"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.5.5a"
},
{
"status": "affected",
"version": "7.3.7"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.6"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.4.4"
},
{
"status": "affected",
"version": "7.6.2SR3"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.6"
},
{
"status": "affected",
"version": "7.5.6c"
},
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.4.7"
},
{
"status": "affected",
"version": "7.6.2SR6"
},
{
"status": "affected",
"version": "7.5.2b"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.5.6a"
},
{
"status": "affected",
"version": "7.6.2SR2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2a"
},
{
"status": "affected",
"version": "7.5.6(XU)"
},
{
"status": "affected",
"version": "7.5.7s"
},
{
"status": "affected",
"version": "7.6.2SR4"
},
{
"status": "affected",
"version": "7.6.2SR1"
},
{
"status": "affected",
"version": "7.4.9"
},
{
"status": "affected",
"version": "7.5.5b"
},
{
"status": "affected",
"version": "7.6.2SR5"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2SR7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:42:00.388Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
}
],
"source": {
"advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
"defects": [
"CSCvu59351"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1379",
"datePublished": "2024-11-18T15:42:00.388Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-18T16:23:13.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-1379\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2024-11-18T16:15:09.310\",\"lastModified\":\"2024-11-18T17:11:17.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\\r\\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\"},{\"lang\":\"es\",\"value\":\"Varias vulnerabilidades en las implementaciones de Cisco Discovery Protocol y Link Layer Discovery Protocol (LLDP) para los tel\u00e9fonos IP de Cisco de las series 68xx/78xx/88xx podr\u00edan permitir que un atacante adyacente no autenticado ejecute c\u00f3digo de forma remota o provoque una recarga de un tel\u00e9fono IP afectado. Estas vulnerabilidades se deben a la falta de comprobaciones cuando el tel\u00e9fono IP procesa un paquete Cisco Discovery Protocol o LLDP. Un atacante podr\u00eda explotar estas vulnerabilidades enviando un paquete Cisco Discovery Protocol o LLDP malicioso al tel\u00e9fono IP de destino. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo en el tel\u00e9fono IP afectado o hacer que se recargue inesperadamente, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Nota: Cisco Discovery Protocol es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de software que solucionan estas vulnerabilidades. No existen workarounds que solucionen estas vulnerabilidades.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\",\"source\":\"psirt@cisco.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-18T16:22:56.651830Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-18T16:23:00.881Z\"}}], \"cna\": {\"title\": \"Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities\", \"source\": {\"defects\": [\"CSCvu59351\"], \"advisory\": \"cisco-sa-ipphone-rce-dos-U2PsSkz3\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IP Phones with Multiplatform Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1.2\"}, {\"status\": \"affected\", \"version\": \"11.2.1\"}, {\"status\": \"affected\", \"version\": \"11.2.3\"}, {\"status\": \"affected\", \"version\": \"11.2.2\"}, {\"status\": \"affected\", \"version\": \"11.2.3 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.1\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR3-1\"}, {\"status\": \"affected\", \"version\": \"11.0.0\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.0.1\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR2-1\"}, {\"status\": \"affected\", \"version\": \"11.2.4\"}, {\"status\": \"affected\", \"version\": \"11.0.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.0.2\"}, {\"status\": \"affected\", \"version\": \"11.3.1\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR1-3\"}, {\"status\": \"affected\", \"version\": \"11.3.2\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR2-6\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR3-3\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Session Initiation Protocol (SIP) Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0(3)\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SR2\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SR1\"}, {\"status\": \"affected\", \"version\": \"9.2(1)\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR1\"}, {\"status\": \"affected\", \"version\": \"9.4(2)\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR2\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR3\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR2\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR3\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.1(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.3(1)SR4\"}, {\"status\": \"affected\", \"version\": \"9.2(3)\"}, {\"status\": \"affected\", \"version\": \"9.2(1)SR2\"}, {\"status\": \"affected\", \"version\": \"9.3(1)\"}, {\"status\": \"affected\", \"version\": \"9.4(2)SR4\"}, {\"status\": \"affected\", \"version\": \"12.1(1)SR1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(2)\"}, {\"status\": \"affected\", \"version\": \"10.2(2)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR4\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"10.4(1)SR2 3rd Party\"}, {\"status\": \"affected\", \"version\": \"11.7(1)\"}, {\"status\": \"affected\", \"version\": \"12.1(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(0.7) MPP\"}, {\"status\": \"affected\", \"version\": \"9.3(4) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SR2\"}, {\"status\": \"affected\", \"version\": \"10.2(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.3(4)SR3 3rd Party\"}, {\"status\": \"affected\", \"version\": \"10.2(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR2\"}, {\"status\": \"affected\", \"version\": \"11-0-1MSR1-1\"}, {\"status\": \"affected\", \"version\": \"10.4(1) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SR1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SR1\"}, {\"status\": \"affected\", \"version\": \"10.1(1)SR2\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SR2\"}, {\"status\": \"affected\", \"version\": \"12.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1.11) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SR1\"}, {\"status\": \"affected\", \"version\": \"9.3(3)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SR3\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR4b\"}, {\"status\": \"affected\", \"version\": \"9.3(4)SR1 3rd Party\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR5\"}, {\"status\": \"affected\", \"version\": \"10.1(1.9)\"}, {\"status\": \"affected\", \"version\": \"10.3(1.9) 3rd Party\"}, {\"status\": \"affected\", \"version\": \"9.3(4)SR2 3rd Party\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR1\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR3\"}, {\"status\": \"affected\", \"version\": \"10.1(1)SR1\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SR3\"}, {\"status\": \"affected\", \"version\": \"12.6(1)SR1\"}, {\"status\": \"affected\", \"version\": \"12.7(1)\"}, {\"status\": \"affected\", \"version\": \"10.3(1)SR6\"}, {\"status\": \"affected\", \"version\": \"12.8(1)\"}, {\"status\": \"affected\", \"version\": \"12.7(1)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(2)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(4)\"}, {\"status\": \"affected\", \"version\": \"11.0(2)\"}, {\"status\": \"affected\", \"version\": \"11.0(4)SR3\"}, {\"status\": \"affected\", \"version\": \"11.0(5)\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR4\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR3\"}, {\"status\": \"affected\", \"version\": \"11.0(2)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(4)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(5)SR3\"}, {\"status\": \"affected\", \"version\": \"11.0(3)\"}, {\"status\": \"affected\", \"version\": \"11.0(5)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR6\"}, {\"status\": \"affected\", \"version\": \"11.0(5)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(4)SR2\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR1\"}, {\"status\": \"affected\", \"version\": \"11.0(3)SR5\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Small Business IP Phones\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.8\"}, {\"status\": \"affected\", \"version\": \"7.4.3\"}, {\"status\": \"affected\", \"version\": \"7.5.5a\"}, {\"status\": \"affected\", \"version\": \"7.3.7\"}, {\"status\": \"affected\", \"version\": \"7.5.2\"}, {\"status\": \"affected\", \"version\": \"7.5.1\"}, {\"status\": \"affected\", \"version\": \"7.4.6\"}, {\"status\": \"affected\", \"version\": \"7.5.7\"}, {\"status\": \"affected\", \"version\": \"7.4.4\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR3\"}, {\"status\": \"affected\", \"version\": \"7.6.2\"}, {\"status\": \"affected\", \"version\": \"7.5.6\"}, {\"status\": \"affected\", \"version\": \"7.5.6c\"}, {\"status\": \"affected\", \"version\": \"7.6.0\"}, {\"status\": \"affected\", \"version\": \"7.4.7\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR6\"}, {\"status\": \"affected\", \"version\": \"7.5.2b\"}, {\"status\": \"affected\", \"version\": \"7.5.5\"}, {\"status\": \"affected\", \"version\": \"7.5.6a\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR2\"}, {\"status\": \"affected\", \"version\": \"7.5.3\"}, {\"status\": \"affected\", \"version\": \"7.5.2a\"}, {\"status\": \"affected\", \"version\": \"7.5.6(XU)\"}, {\"status\": \"affected\", \"version\": \"7.5.7s\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR4\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR1\"}, {\"status\": \"affected\", \"version\": \"7.4.9\"}, {\"status\": \"affected\", \"version\": \"7.5.5b\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR5\"}, {\"status\": \"affected\", \"version\": \"7.5.4\"}, {\"status\": \"affected\", \"version\": \"7.6.1\"}, {\"status\": \"affected\", \"version\": \"7.6.2SR7\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco\\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3\", \"name\": \"cisco-sa-ipphone-rce-dos-U2PsSkz3\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\\r\\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-120\", \"description\": \"Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-11-18T15:42:00.388Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-1379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-18T16:23:13.534Z\", \"dateReserved\": \"2020-11-13T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-11-18T15:42:00.388Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…