gsd - gsd-2021-1379

gsd-2021-1379

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2021-1379

Aliases

CVE-2021-1379

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1379",
    "id": "GSD-2021-1379"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1379"
      ],
      "id": "GSD-2021-1379",
      "modified": "2023-12-13T01:23:22.143514Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-1379",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

CVE-2021-1379 (GCVE-0-2021-1379)

Vulnerability from cvelistv5

Published

2024-11-18 15:42

Modified

2024-11-18 16:23

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Summary

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

References

►

URL

Tags

	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3

Impacted products

Vendor

Product

Version

►

Cisco

Cisco IP Phones with Multiplatform Firmware

Version: 11.1.2
Version: 11.2.1
Version: 11.2.3
Version: 11.2.2
Version: 11.2.3 MSR1-1
Version: 11.1.2 MSR1-1
Version: 11.1.1
Version: 11.1.2 MSR3-1
Version: 11.0.0
Version: 11.1.1 MSR1-1
Version: 11.0.1
Version: 11.1.1 MSR2-1
Version: 11.2.4
Version: 11.0.1 MSR1-1
Version: 11.0.2
Version: 11.3.1
Version: 11.3.1 MSR1-3
Version: 11.3.2
Version: 11.3.1 MSR2-6
Version: 11.3.1 MSR3-3

	Cisco	Cisco Session Initiation Protocol (SIP) Software	Version: 9.0(3) Version: 9.0(2)SR2 Version: 9.0(2)SR1 Version: 9.2(1) Version: 9.4(2)SR1 Version: 9.4(2) Version: 9.4(2)SR2 Version: 9.4(2)SR3 Version: 9.3(1)SR2 Version: 9.3(1)SR3 Version: 9.3(1)SR1 Version: 9.1(1)SR1 Version: 9.3(1)SR4 Version: 9.2(3) Version: 9.2(1)SR2 Version: 9.3(1) Version: 9.4(2)SR4 Version: 12.1(1)SR1 Version: 11.5(1) Version: 10.3(2) Version: 10.2(2) Version: 10.3(1) Version: 10.3(1)SR4 Version: 11.0(1) Version: 10.4(1)SR2 3rd Party Version: 11.7(1) Version: 12.1(1) Version: 11.0(0.7) MPP Version: 9.3(4) 3rd Party Version: 12.5(1)SR2 Version: 10.2(1)SR1 Version: 9.3(4)SR3 3rd Party Version: 10.2(1) Version: 12.5(1) Version: 10.3(1)SR2 Version: 11-0-1MSR1-1 Version: 10.4(1) 3rd Party Version: 12.5(1)SR1 Version: 11.5(1)SR1 Version: 10.1(1)SR2 Version: 12.0(1)SR2 Version: 12.6(1) Version: 10.3(1.11) 3rd Party Version: 12.0(1) Version: 12.0(1)SR1 Version: 9.3(3) Version: 12.5(1)SR3 Version: 10.3(1)SR4b Version: 9.3(4)SR1 3rd Party Version: 10.3(1)SR5 Version: 10.1(1.9) Version: 10.3(1.9) 3rd Party Version: 9.3(4)SR2 3rd Party Version: 10.3(1)SR1 Version: 10.3(1)SR3 Version: 10.1(1)SR1 Version: 12.0(1)SR3 Version: 12.6(1)SR1 Version: 12.7(1) Version: 10.3(1)SR6 Version: 12.8(1) Version: 12.7(1)SR1 Version: 11.0(2)SR1 Version: 11.0(4) Version: 11.0(2) Version: 11.0(4)SR3 Version: 11.0(5) Version: 11.0(3)SR2 Version: 11.0(3)SR4 Version: 11.0(3)SR3 Version: 11.0(2)SR2 Version: 11.0(4)SR1 Version: 11.0(5)SR3 Version: 11.0(3) Version: 11.0(5)SR2 Version: 11.0(3)SR6 Version: 11.0(5)SR1 Version: 11.0(4)SR2 Version: 11.0(3)SR1 Version: 11.0(3)SR5
	Cisco	Cisco Small Business IP Phones	Version: 7.4.8 Version: 7.4.3 Version: 7.5.5a Version: 7.3.7 Version: 7.5.2 Version: 7.5.1 Version: 7.4.6 Version: 7.5.7 Version: 7.4.4 Version: 7.6.2SR3 Version: 7.6.2 Version: 7.5.6 Version: 7.5.6c Version: 7.6.0 Version: 7.4.7 Version: 7.6.2SR6 Version: 7.5.2b Version: 7.5.5 Version: 7.5.6a Version: 7.6.2SR2 Version: 7.5.3 Version: 7.5.2a Version: 7.5.6(XU) Version: 7.5.7s Version: 7.6.2SR4 Version: 7.6.2SR1 Version: 7.4.9 Version: 7.5.5b Version: 7.6.2SR5 Version: 7.5.4 Version: 7.6.1 Version: 7.6.2SR7

Show details on NVD website