CVE-2021-1379

CWE-120Classic Buffer Overflow4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 69.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
35
Cisco IP Conference Phone 7832 FirmwareCisco IP Conference Phone 7832 With Multiplatform FirmwareCisco IP Conference Phone 8832 Firmware+32 more
Timeline
PublishedNov 18

Description

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP pack

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages35 packages

NVDcisco/ip_phone_7811_firmware< 12.8\(1\)+1
NVDcisco/ip_phone_7821_firmware< 12.8\(1\)+1
NVDcisco/ip_phone_7841_firmware< 12.8\(1\)+1
NVDcisco/ip_phone_7861_firmware< 12.8\(1\)+1

🔴Vulnerability Details

2
GHSA
GHSA-722m-4rr5-cvfh: Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/2024-11-18
CVEList
Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities2024-11-18

📋Vendor Advisories

1
Cisco
Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities2021-03-03
CVE-2021-1379 (MEDIUM CVSS 6.5) | Multiple vulnerabilities in the Cis | cvebase.io