CVE-2021-1379 - Vulnerability Details

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Title		Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
Weaknesses		CWE-120
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-1379", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2020-11-13T00:00:00.000Z", "datePublished": "2024-11-18T15:42:00.388Z", "dateUpdated": "2024-11-18T16:23:13.534Z"}, "containers": {"cna": {"title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the Cisco&nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco&nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco&nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco&nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco&nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3", "name": "cisco-sa-ipphone-rce-dos-U2PsSkz3"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"}], "exploits": [{"lang": "en", "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3", "discovery": "EXTERNAL", "defects": ["CSCvu59351"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "cwe", "cweId": "CWE-120"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco IP Phones with Multiplatform Firmware", "versions": [{"version": "11.1.2", "status": "affected"}, {"version": "11.2.1", "status": "affected"}, {"version": "11.2.3", "status": "affected"}, {"version": "11.2.2", "status": "affected"}, {"version": "11.2.3 MSR1-1", "status": "affected"}, {"version": "11.1.2 MSR1-1", "status": "affected"}, {"version": "11.1.1", "status": "affected"}, {"version": "11.1.2 MSR3-1", "status": "affected"}, {"version": "11.0.0", "status": "affected"}, {"version": "11.1.1 MSR1-1", "status": "affected"}, {"version": "11.0.1", "status": "affected"}, {"version": "11.1.1 MSR2-1", "status": "affected"}, {"version": "11.2.4", "status": "affected"}, {"version": "11.0.1 MSR1-1", "status": "affected"}, {"version": "11.0.2", "status": "affected"}, {"version": "11.3.1", "status": "affected"}, {"version": "11.3.1 MSR1-3", "status": "affected"}, {"version": "11.3.2", "status": "affected"}, {"version": "11.3.1 MSR2-6", "status": "affected"}, {"version": "11.3.1 MSR3-3", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Session Initiation Protocol (SIP) Software", "versions": [{"version": "9.0(3)", "status": "affected"}, {"version": "9.0(2)SR2", "status": "affected"}, {"version": "9.0(2)SR1", "status": "affected"}, {"version": "9.2(1)", "status": "affected"}, {"version": "9.4(2)SR1", "status": "affected"}, {"version": "9.4(2)", "status": "affected"}, {"version": "9.4(2)SR2", "status": "affected"}, {"version": "9.4(2)SR3", "status": "affected"}, {"version": "9.3(1)SR2", "status": "affected"}, {"version": "9.3(1)SR3", "status": "affected"}, {"version": "9.3(1)SR1", "status": "affected"}, {"version": "9.1(1)SR1", "status": "affected"}, {"version": "9.3(1)SR4", "status": "affected"}, {"version": "9.2(3)", "status": "affected"}, {"version": "9.2(1)SR2", "status": "affected"}, {"version": "9.3(1)", "status": "affected"}, {"version": "9.4(2)SR4", "status": "affected"}, {"version": "12.1(1)SR1", "status": "affected"}, {"version": "11.5(1)", "status": "affected"}, {"version": "10.3(2)", "status": "affected"}, {"version": "10.2(2)", "status": "affected"}, {"version": "10.3(1)", "status": "affected"}, {"version": "10.3(1)SR4", "status": "affected"}, {"version": "11.0(1)", "status": "affected"}, {"version": "10.4(1)SR2 3rd Party", "status": "affected"}, {"version": "11.7(1)", "status": "affected"}, {"version": "12.1(1)", "status": "affected"}, {"version": "11.0(0.7) MPP", "status": "affected"}, {"version": "9.3(4) 3rd Party", "status": "affected"}, {"version": "12.5(1)SR2", "status": "affected"}, {"version": "10.2(1)SR1", "status": "affected"}, {"version": "9.3(4)SR3 3rd Party", "status": "affected"}, {"version": "10.2(1)", "status": "affected"}, {"version": "12.5(1)", "status": "affected"}, {"version": "10.3(1)SR2", "status": "affected"}, {"version": "11-0-1MSR1-1", "status": "affected"}, {"version": "10.4(1) 3rd Party", "status": "affected"}, {"version": "12.5(1)SR1", "status": "affected"}, {"version": "11.5(1)SR1", "status": "affected"}, {"version": "10.1(1)SR2", "status": "affected"}, {"version": "12.0(1)SR2", "status": "affected"}, {"version": "12.6(1)", "status": "affected"}, {"version": "10.3(1.11) 3rd Party", "status": "affected"}, {"version": "12.0(1)", "status": "affected"}, {"version": "12.0(1)SR1", "status": "affected"}, {"version": "9.3(3)", "status": "affected"}, {"version": "12.5(1)SR3", "status": "affected"}, {"version": "10.3(1)SR4b", "status": "affected"}, {"version": "9.3(4)SR1 3rd Party", "status": "affected"}, {"version": "10.3(1)SR5", "status": "affected"}, {"version": "10.1(1.9)", "status": "affected"}, {"version": "10.3(1.9) 3rd Party", "status": "affected"}, {"version": "9.3(4)SR2 3rd Party", "status": "affected"}, {"version": "10.3(1)SR1", "status": "affected"}, {"version": "10.3(1)SR3", "status": "affected"}, {"version": "10.1(1)SR1", "status": "affected"}, {"version": "12.0(1)SR3", "status": "affected"}, {"version": "12.6(1)SR1", "status": "affected"}, {"version": "12.7(1)", "status": "affected"}, {"version": "10.3(1)SR6", "status": "affected"}, {"version": "12.8(1)", "status": "affected"}, {"version": "12.7(1)SR1", "status": "affected"}, {"version": "11.0(2)SR1", "status": "affected"}, {"version": "11.0(4)", "status": "affected"}, {"version": "11.0(2)", "status": "affected"}, {"version": "11.0(4)SR3", "status": "affected"}, {"version": "11.0(5)", "status": "affected"}, {"version": "11.0(3)SR2", "status": "affected"}, {"version": "11.0(3)SR4", "status": "affected"}, {"version": "11.0(3)SR3", "status": "affected"}, {"version": "11.0(2)SR2", "status": "affected"}, {"version": "11.0(4)SR1", "status": "affected"}, {"version": "11.0(5)SR3", "status": "affected"}, {"version": "11.0(3)", "status": "affected"}, {"version": "11.0(5)SR2", "status": "affected"}, {"version": "11.0(3)SR6", "status": "affected"}, {"version": "11.0(5)SR1", "status": "affected"}, {"version": "11.0(4)SR2", "status": "affected"}, {"version": "11.0(3)SR1", "status": "affected"}, {"version": "11.0(3)SR5", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Small Business IP Phones", "versions": [{"version": "7.4.8", "status": "affected"}, {"version": "7.4.3", "status": "affected"}, {"version": "7.5.5a", "status": "affected"}, {"version": "7.3.7", "status": "affected"}, {"version": "7.5.2", "status": "affected"}, {"version": "7.5.1", "status": "affected"}, {"version": "7.4.6", "status": "affected"}, {"version": "7.5.7", "status": "affected"}, {"version": "7.4.4", "status": "affected"}, {"version": "7.6.2SR3", "status": "affected"}, {"version": "7.6.2", "status": "affected"}, {"version": "7.5.6", "status": "affected"}, {"version": "7.5.6c", "status": "affected"}, {"version": "7.6.0", "status": "affected"}, {"version": "7.4.7", "status": "affected"}, {"version": "7.6.2SR6", "status": "affected"}, {"version": "7.5.2b", "status": "affected"}, {"version": "7.5.5", "status": "affected"}, {"version": "7.5.6a", "status": "affected"}, {"version": "7.6.2SR2", "status": "affected"}, {"version": "7.5.3", "status": "affected"}, {"version": "7.5.2a", "status": "affected"}, {"version": "7.5.6(XU)", "status": "affected"}, {"version": "7.5.7s", "status": "affected"}, {"version": "7.6.2SR4", "status": "affected"}, {"version": "7.6.2SR1", "status": "affected"}, {"version": "7.4.9", "status": "affected"}, {"version": "7.5.5b", "status": "affected"}, {"version": "7.6.2SR5", "status": "affected"}, {"version": "7.5.4", "status": "affected"}, {"version": "7.6.1", "status": "affected"}, {"version": "7.6.2SR7", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-11-18T15:42:00.388Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-18T16:22:56.651830Z", "id": "CVE-2021-1379", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T16:23:13.534Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2021-1379 (string)

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

state : PUBLISHED (string)

assignerShortName : cisco (string)

dateReserved : 2020-11-13T00:00:00.000Z (string)

datePublished : 2024-11-18T15:42:00.388Z (string)

dateUpdated : 2024-11-18T16:23:13.534Z (string)

}

containers : { »

cna : { »

title : Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities (string)

metrics : [ »

0 : { »

format : cvssV3_1 (string)

cvssV3_1 : { »

version : 3.1 (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

attackVector : ADJACENT_NETWORK (string)

attackComplexity : LOW (string)

privilegesRequired : NONE (string)

userInteraction : NONE (string)

scope : UNCHANGED (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

availabilityImpact : HIGH (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. (string)

}

]

references : [ »

0 : { »

url : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3 (string)

name : cisco-sa-ipphone-rce-dos-U2PsSkz3 (string)

}

1 : { »

url : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 (string)

name : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 (string)

}

]

exploits : [ »

0 : { »

lang : en (string)

value : The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. (string)

}

]

source : { »

advisory : cisco-sa-ipphone-rce-dos-U2PsSkz3 (string)

discovery : EXTERNAL (string)

defects : [ »

0 : CSCvu59351 (string)

]

}

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

description : Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (string)

type : cwe (string)

cweId : CWE-120 (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Cisco (string)

product : Cisco IP Phones with Multiplatform Firmware (string)

versions : [ »

0 : { »

version : 11.1.2 (string)

status : affected (string)

}

1 : { »

version : 11.2.1 (string)

status : affected (string)

}

2 : { »

version : 11.2.3 (string)

status : affected (string)

}

3 : { »

version : 11.2.2 (string)

status : affected (string)

}

4 : { »

version : 11.2.3 MSR1-1 (string)

status : affected (string)

}

5 : { »

version : 11.1.2 MSR1-1 (string)

status : affected (string)

}

6 : { »

version : 11.1.1 (string)

status : affected (string)

}

7 : { »

version : 11.1.2 MSR3-1 (string)

status : affected (string)

}

8 : { »

version : 11.0.0 (string)

status : affected (string)

}

9 : { »

version : 11.1.1 MSR1-1 (string)

status : affected (string)

}

10 : { »

version : 11.0.1 (string)

status : affected (string)

}

11 : { »

version : 11.1.1 MSR2-1 (string)

status : affected (string)

}

12 : { »

version : 11.2.4 (string)

status : affected (string)

}

13 : { »

version : 11.0.1 MSR1-1 (string)

status : affected (string)

}

14 : { »

version : 11.0.2 (string)

status : affected (string)

}

15 : { »

version : 11.3.1 (string)

status : affected (string)

}

16 : { »

version : 11.3.1 MSR1-3 (string)

status : affected (string)

}

17 : { »

version : 11.3.2 (string)

status : affected (string)

}

18 : { »

version : 11.3.1 MSR2-6 (string)

status : affected (string)

}

19 : { »

version : 11.3.1 MSR3-3 (string)

status : affected (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

vendor : Cisco (string)

product : Cisco Session Initiation Protocol (SIP) Software (string)

versions : [ »

0 : { »

version : 9.0(3) (string)

status : affected (string)

}

1 : { »

version : 9.0(2)SR2 (string)

status : affected (string)

}

2 : { »

version : 9.0(2)SR1 (string)

status : affected (string)

}

3 : { »

version : 9.2(1) (string)

status : affected (string)

}

4 : { »

version : 9.4(2)SR1 (string)

status : affected (string)

}

5 : { »

version : 9.4(2) (string)

status : affected (string)

}

6 : { »

version : 9.4(2)SR2 (string)

status : affected (string)

}

7 : { »

version : 9.4(2)SR3 (string)

status : affected (string)

}

8 : { »

version : 9.3(1)SR2 (string)

status : affected (string)

}

9 : { »

version : 9.3(1)SR3 (string)

status : affected (string)

}

10 : { »

version : 9.3(1)SR1 (string)

status : affected (string)

}

11 : { »

version : 9.1(1)SR1 (string)

status : affected (string)

}

12 : { »

version : 9.3(1)SR4 (string)

status : affected (string)

}

13 : { »

version : 9.2(3) (string)

status : affected (string)

}

14 : { »

version : 9.2(1)SR2 (string)

status : affected (string)

}

15 : { »

version : 9.3(1) (string)

status : affected (string)

}

16 : { »

version : 9.4(2)SR4 (string)

status : affected (string)

}

17 : { »

version : 12.1(1)SR1 (string)

status : affected (string)

}

18 : { »

version : 11.5(1) (string)

status : affected (string)

}

19 : { »

version : 10.3(2) (string)

status : affected (string)

}

20 : { »

version : 10.2(2) (string)

status : affected (string)

}

21 : { »

version : 10.3(1) (string)

status : affected (string)

}

22 : { »

version : 10.3(1)SR4 (string)

status : affected (string)

}

23 : { »

version : 11.0(1) (string)

status : affected (string)

}

24 : { »

version : 10.4(1)SR2 3rd Party (string)

status : affected (string)

}

25 : { »

version : 11.7(1) (string)

status : affected (string)

}

26 : { »

version : 12.1(1) (string)

status : affected (string)

}

27 : { »

version : 11.0(0.7) MPP (string)

status : affected (string)

}

28 : { »

version : 9.3(4) 3rd Party (string)

status : affected (string)

}

29 : { »

version : 12.5(1)SR2 (string)

status : affected (string)

}

30 : { »

version : 10.2(1)SR1 (string)

status : affected (string)

}

31 : { »

version : 9.3(4)SR3 3rd Party (string)

status : affected (string)

}

32 : { »

version : 10.2(1) (string)

status : affected (string)

}

33 : { »

version : 12.5(1) (string)

status : affected (string)

}

34 : { »

version : 10.3(1)SR2 (string)

status : affected (string)

}

35 : { »

version : 11-0-1MSR1-1 (string)

status : affected (string)

}

36 : { »

version : 10.4(1) 3rd Party (string)

status : affected (string)

}

37 : { »

version : 12.5(1)SR1 (string)

status : affected (string)

}

38 : { »

version : 11.5(1)SR1 (string)

status : affected (string)

}

39 : { »

version : 10.1(1)SR2 (string)

status : affected (string)

}

40 : { »

version : 12.0(1)SR2 (string)

status : affected (string)

}

41 : { »

version : 12.6(1) (string)

status : affected (string)

}

42 : { »

version : 10.3(1.11) 3rd Party (string)

status : affected (string)

}

43 : { »

version : 12.0(1) (string)

status : affected (string)

}

44 : { »

version : 12.0(1)SR1 (string)

status : affected (string)

}

45 : { »

version : 9.3(3) (string)

status : affected (string)

}

46 : { »

version : 12.5(1)SR3 (string)

status : affected (string)

}

47 : { »

version : 10.3(1)SR4b (string)

status : affected (string)

}

48 : { »

version : 9.3(4)SR1 3rd Party (string)

status : affected (string)

}

49 : { »

version : 10.3(1)SR5 (string)

status : affected (string)

}

50 : { »

version : 10.1(1.9) (string)

status : affected (string)

}

51 : { »

version : 10.3(1.9) 3rd Party (string)

status : affected (string)

}

52 : { »

version : 9.3(4)SR2 3rd Party (string)

status : affected (string)

}

53 : { »

version : 10.3(1)SR1 (string)

status : affected (string)

}

54 : { »

version : 10.3(1)SR3 (string)

status : affected (string)

}

55 : { »

version : 10.1(1)SR1 (string)

status : affected (string)

}

56 : { »

version : 12.0(1)SR3 (string)

status : affected (string)

}

57 : { »

version : 12.6(1)SR1 (string)

status : affected (string)

}

58 : { »

version : 12.7(1) (string)

status : affected (string)

}

59 : { »

version : 10.3(1)SR6 (string)

status : affected (string)

}

60 : { »

version : 12.8(1) (string)

status : affected (string)

}

61 : { »

version : 12.7(1)SR1 (string)

status : affected (string)

}

62 : { »

version : 11.0(2)SR1 (string)

status : affected (string)

}

63 : { »

version : 11.0(4) (string)

status : affected (string)

}

64 : { »

version : 11.0(2) (string)

status : affected (string)

}

65 : { »

version : 11.0(4)SR3 (string)

status : affected (string)

}

66 : { »

version : 11.0(5) (string)

status : affected (string)

}

67 : { »

version : 11.0(3)SR2 (string)

status : affected (string)

}

68 : { »

version : 11.0(3)SR4 (string)

status : affected (string)

}

69 : { »

version : 11.0(3)SR3 (string)

status : affected (string)

}

70 : { »

version : 11.0(2)SR2 (string)

status : affected (string)

}

71 : { »

version : 11.0(4)SR1 (string)

status : affected (string)

}

72 : { »

version : 11.0(5)SR3 (string)

status : affected (string)

}

73 : { »

version : 11.0(3) (string)

status : affected (string)

}

74 : { »

version : 11.0(5)SR2 (string)

status : affected (string)

}

75 : { »

version : 11.0(3)SR6 (string)

status : affected (string)

}

76 : { »

version : 11.0(5)SR1 (string)

status : affected (string)

}

77 : { »

version : 11.0(4)SR2 (string)

status : affected (string)

}

78 : { »

version : 11.0(3)SR1 (string)

status : affected (string)

}

79 : { »

version : 11.0(3)SR5 (string)

status : affected (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

vendor : Cisco (string)

product : Cisco Small Business IP Phones (string)

versions : [ »

0 : { »

version : 7.4.8 (string)

status : affected (string)

}

1 : { »

version : 7.4.3 (string)

status : affected (string)

}

2 : { »

version : 7.5.5a (string)

status : affected (string)

}

3 : { »

version : 7.3.7 (string)

status : affected (string)

}

4 : { »

version : 7.5.2 (string)

status : affected (string)

}

5 : { »

version : 7.5.1 (string)

status : affected (string)

}

6 : { »

version : 7.4.6 (string)

status : affected (string)

}

7 : { »

version : 7.5.7 (string)

status : affected (string)

}

8 : { »

version : 7.4.4 (string)

status : affected (string)

}

9 : { »

version : 7.6.2SR3 (string)

status : affected (string)

}

10 : { »

version : 7.6.2 (string)

status : affected (string)

}

11 : { »

version : 7.5.6 (string)

status : affected (string)

}

12 : { »

version : 7.5.6c (string)

status : affected (string)

}

13 : { »

version : 7.6.0 (string)

status : affected (string)

}

14 : { »

version : 7.4.7 (string)

status : affected (string)

}

15 : { »

version : 7.6.2SR6 (string)

status : affected (string)

}

16 : { »

version : 7.5.2b (string)

status : affected (string)

}

17 : { »

version : 7.5.5 (string)

status : affected (string)

}

18 : { »

version : 7.5.6a (string)

status : affected (string)

}

19 : { »

version : 7.6.2SR2 (string)

status : affected (string)

}

20 : { »

version : 7.5.3 (string)

status : affected (string)

}

21 : { »

version : 7.5.2a (string)

status : affected (string)

}

22 : { »

version : 7.5.6(XU) (string)

status : affected (string)

}

23 : { »

version : 7.5.7s (string)

status : affected (string)

}

24 : { »

version : 7.6.2SR4 (string)

status : affected (string)

}

25 : { »

version : 7.6.2SR1 (string)

status : affected (string)

}

26 : { »

version : 7.4.9 (string)

status : affected (string)

}

27 : { »

version : 7.5.5b (string)

status : affected (string)

}

28 : { »

version : 7.6.2SR5 (string)

status : affected (string)

}

29 : { »

version : 7.5.4 (string)

status : affected (string)

}

30 : { »

version : 7.6.1 (string)

status : affected (string)

}

31 : { »

version : 7.6.2SR7 (string)

status : affected (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

dateUpdated : 2024-11-18T15:42:00.388Z (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-11-18T16:22:56.651830Z (string)

id : CVE-2021-1379 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-18T16:23:13.534Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1379", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-18T16:22:56.651830Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T16:23:00.881Z"}}], "cna": {"title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities", "source": {"defects": ["CSCvu59351"], "advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IP Phones with Multiplatform Firmware", "versions": [{"status": "affected", "version": "11.1.2"}, {"status": "affected", "version": "11.2.1"}, {"status": "affected", "version": "11.2.3"}, {"status": "affected", "version": "11.2.2"}, {"status": "affected", "version": "11.2.3 MSR1-1"}, {"status": "affected", "version": "11.1.2 MSR1-1"}, {"status": "affected", "version": "11.1.1"}, {"status": "affected", "version": "11.1.2 MSR3-1"}, {"status": "affected", "version": "11.0.0"}, {"status": "affected", "version": "11.1.1 MSR1-1"}, {"status": "affected", "version": "11.0.1"}, {"status": "affected", "version": "11.1.1 MSR2-1"}, {"status": "affected", "version": "11.2.4"}, {"status": "affected", "version": "11.0.1 MSR1-1"}, {"status": "affected", "version": "11.0.2"}, {"status": "affected", "version": "11.3.1"}, {"status": "affected", "version": "11.3.1 MSR1-3"}, {"status": "affected", "version": "11.3.2"}, {"status": "affected", "version": "11.3.1 MSR2-6"}, {"status": "affected", "version": "11.3.1 MSR3-3"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Session Initiation Protocol (SIP) Software", "versions": [{"status": "affected", "version": "9.0(3)"}, {"status": "affected", "version": "9.0(2)SR2"}, {"status": "affected", "version": "9.0(2)SR1"}, {"status": "affected", "version": "9.2(1)"}, {"status": "affected", "version": "9.4(2)SR1"}, {"status": "affected", "version": "9.4(2)"}, {"status": "affected", "version": "9.4(2)SR2"}, {"status": "affected", "version": "9.4(2)SR3"}, {"status": "affected", "version": "9.3(1)SR2"}, {"status": "affected", "version": "9.3(1)SR3"}, {"status": "affected", "version": "9.3(1)SR1"}, {"status": "affected", "version": "9.1(1)SR1"}, {"status": "affected", "version": "9.3(1)SR4"}, {"status": "affected", "version": "9.2(3)"}, {"status": "affected", "version": "9.2(1)SR2"}, {"status": "affected", "version": "9.3(1)"}, {"status": "affected", "version": "9.4(2)SR4"}, {"status": "affected", "version": "12.1(1)SR1"}, {"status": "affected", "version": "11.5(1)"}, {"status": "affected", "version": "10.3(2)"}, {"status": "affected", "version": "10.2(2)"}, {"status": "affected", "version": "10.3(1)"}, {"status": "affected", "version": "10.3(1)SR4"}, {"status": "affected", "version": "11.0(1)"}, {"status": "affected", "version": "10.4(1)SR2 3rd Party"}, {"status": "affected", "version": "11.7(1)"}, {"status": "affected", "version": "12.1(1)"}, {"status": "affected", "version": "11.0(0.7) MPP"}, {"status": "affected", "version": "9.3(4) 3rd Party"}, {"status": "affected", "version": "12.5(1)SR2"}, {"status": "affected", "version": "10.2(1)SR1"}, {"status": "affected", "version": "9.3(4)SR3 3rd Party"}, {"status": "affected", "version": "10.2(1)"}, {"status": "affected", "version": "12.5(1)"}, {"status": "affected", "version": "10.3(1)SR2"}, {"status": "affected", "version": "11-0-1MSR1-1"}, {"status": "affected", "version": "10.4(1) 3rd Party"}, {"status": "affected", "version": "12.5(1)SR1"}, {"status": "affected", "version": "11.5(1)SR1"}, {"status": "affected", "version": "10.1(1)SR2"}, {"status": "affected", "version": "12.0(1)SR2"}, {"status": "affected", "version": "12.6(1)"}, {"status": "affected", "version": "10.3(1.11) 3rd Party"}, {"status": "affected", "version": "12.0(1)"}, {"status": "affected", "version": "12.0(1)SR1"}, {"status": "affected", "version": "9.3(3)"}, {"status": "affected", "version": "12.5(1)SR3"}, {"status": "affected", "version": "10.3(1)SR4b"}, {"status": "affected", "version": "9.3(4)SR1 3rd Party"}, {"status": "affected", "version": "10.3(1)SR5"}, {"status": "affected", "version": "10.1(1.9)"}, {"status": "affected", "version": "10.3(1.9) 3rd Party"}, {"status": "affected", "version": "9.3(4)SR2 3rd Party"}, {"status": "affected", "version": "10.3(1)SR1"}, {"status": "affected", "version": "10.3(1)SR3"}, {"status": "affected", "version": "10.1(1)SR1"}, {"status": "affected", "version": "12.0(1)SR3"}, {"status": "affected", "version": "12.6(1)SR1"}, {"status": "affected", "version": "12.7(1)"}, {"status": "affected", "version": "10.3(1)SR6"}, {"status": "affected", "version": "12.8(1)"}, {"status": "affected", "version": "12.7(1)SR1"}, {"status": "affected", "version": "11.0(2)SR1"}, {"status": "affected", "version": "11.0(4)"}, {"status": "affected", "version": "11.0(2)"}, {"status": "affected", "version": "11.0(4)SR3"}, {"status": "affected", "version": "11.0(5)"}, {"status": "affected", "version": "11.0(3)SR2"}, {"status": "affected", "version": "11.0(3)SR4"}, {"status": "affected", "version": "11.0(3)SR3"}, {"status": "affected", "version": "11.0(2)SR2"}, {"status": "affected", "version": "11.0(4)SR1"}, {"status": "affected", "version": "11.0(5)SR3"}, {"status": "affected", "version": "11.0(3)"}, {"status": "affected", "version": "11.0(5)SR2"}, {"status": "affected", "version": "11.0(3)SR6"}, {"status": "affected", "version": "11.0(5)SR1"}, {"status": "affected", "version": "11.0(4)SR2"}, {"status": "affected", "version": "11.0(3)SR1"}, {"status": "affected", "version": "11.0(3)SR5"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Small Business IP Phones", "versions": [{"status": "affected", "version": "7.4.8"}, {"status": "affected", "version": "7.4.3"}, {"status": "affected", "version": "7.5.5a"}, {"status": "affected", "version": "7.3.7"}, {"status": "affected", "version": "7.5.2"}, {"status": "affected", "version": "7.5.1"}, {"status": "affected", "version": "7.4.6"}, {"status": "affected", "version": "7.5.7"}, {"status": "affected", "version": "7.4.4"}, {"status": "affected", "version": "7.6.2SR3"}, {"status": "affected", "version": "7.6.2"}, {"status": "affected", "version": "7.5.6"}, {"status": "affected", "version": "7.5.6c"}, {"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.4.7"}, {"status": "affected", "version": "7.6.2SR6"}, {"status": "affected", "version": "7.5.2b"}, {"status": "affected", "version": "7.5.5"}, {"status": "affected", "version": "7.5.6a"}, {"status": "affected", "version": "7.6.2SR2"}, {"status": "affected", "version": "7.5.3"}, {"status": "affected", "version": "7.5.2a"}, {"status": "affected", "version": "7.5.6(XU)"}, {"status": "affected", "version": "7.5.7s"}, {"status": "affected", "version": "7.6.2SR4"}, {"status": "affected", "version": "7.6.2SR1"}, {"status": "affected", "version": "7.4.9"}, {"status": "affected", "version": "7.5.5b"}, {"status": "affected", "version": "7.6.2SR5"}, {"status": "affected", "version": "7.5.4"}, {"status": "affected", "version": "7.6.1"}, {"status": "affected", "version": "7.6.2SR7"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3", "name": "cisco-sa-ipphone-rce-dos-U2PsSkz3"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the Cisco&nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco&nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco&nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco&nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco&nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-11-18T15:42:00.388Z"}}}, "cveMetadata": {"cveId": "CVE-2021-1379", "state": "PUBLISHED", "dateUpdated": "2024-11-18T16:23:13.534Z", "dateReserved": "2020-11-13T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-11-18T15:42:00.388Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-1379 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-11-18T16:22:56.651830Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-18T16:23:00.881Z (string)

}

]

cna : { »

title : Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities (string)

source : { »

defects : [ »

0 : CSCvu59351 (string)

]

advisory : cisco-sa-ipphone-rce-dos-U2PsSkz3 (string)

discovery : EXTERNAL (string)

}

metrics : [ »

0 : { »

format : cvssV3_1 (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 6.5 (number)

attackVector : ADJACENT_NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

]

affected : [ »

0 : { »

vendor : Cisco (string)

product : Cisco IP Phones with Multiplatform Firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 11.1.2 (string)

}

1 : { »

status : affected (string)

version : 11.2.1 (string)

}

2 : { »

status : affected (string)

version : 11.2.3 (string)

}

3 : { »

status : affected (string)

version : 11.2.2 (string)

}

4 : { »

status : affected (string)

version : 11.2.3 MSR1-1 (string)

}

5 : { »

status : affected (string)

version : 11.1.2 MSR1-1 (string)

}

6 : { »

status : affected (string)

version : 11.1.1 (string)

}

7 : { »

status : affected (string)

version : 11.1.2 MSR3-1 (string)

}

8 : { »

status : affected (string)

version : 11.0.0 (string)

}

9 : { »

status : affected (string)

version : 11.1.1 MSR1-1 (string)

}

10 : { »

status : affected (string)

version : 11.0.1 (string)

}

11 : { »

status : affected (string)

version : 11.1.1 MSR2-1 (string)

}

12 : { »

status : affected (string)

version : 11.2.4 (string)

}

13 : { »

status : affected (string)

version : 11.0.1 MSR1-1 (string)

}

14 : { »

status : affected (string)

version : 11.0.2 (string)

}

15 : { »

status : affected (string)

version : 11.3.1 (string)

}

16 : { »

status : affected (string)

version : 11.3.1 MSR1-3 (string)

}

17 : { »

status : affected (string)

version : 11.3.2 (string)

}

18 : { »

status : affected (string)

version : 11.3.1 MSR2-6 (string)

}

19 : { »

status : affected (string)

version : 11.3.1 MSR3-3 (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

vendor : Cisco (string)

product : Cisco Session Initiation Protocol (SIP) Software (string)

versions : [ »

0 : { »

status : affected (string)

version : 9.0(3) (string)

}

1 : { »

status : affected (string)

version : 9.0(2)SR2 (string)

}

2 : { »

status : affected (string)

version : 9.0(2)SR1 (string)

}

3 : { »

status : affected (string)

version : 9.2(1) (string)

}

4 : { »

status : affected (string)

version : 9.4(2)SR1 (string)

}

5 : { »

status : affected (string)

version : 9.4(2) (string)

}

6 : { »

status : affected (string)

version : 9.4(2)SR2 (string)

}

7 : { »

status : affected (string)

version : 9.4(2)SR3 (string)

}

8 : { »

status : affected (string)

version : 9.3(1)SR2 (string)

}

9 : { »

status : affected (string)

version : 9.3(1)SR3 (string)

}

10 : { »

status : affected (string)

version : 9.3(1)SR1 (string)

}

11 : { »

status : affected (string)

version : 9.1(1)SR1 (string)

}

12 : { »

status : affected (string)

version : 9.3(1)SR4 (string)

}

13 : { »

status : affected (string)

version : 9.2(3) (string)

}

14 : { »

status : affected (string)

version : 9.2(1)SR2 (string)

}

15 : { »

status : affected (string)

version : 9.3(1) (string)

}

16 : { »

status : affected (string)

version : 9.4(2)SR4 (string)

}

17 : { »

status : affected (string)

version : 12.1(1)SR1 (string)

}

18 : { »

status : affected (string)

version : 11.5(1) (string)

}

19 : { »

status : affected (string)

version : 10.3(2) (string)

}

20 : { »

status : affected (string)

version : 10.2(2) (string)

}

21 : { »

status : affected (string)

version : 10.3(1) (string)

}

22 : { »

status : affected (string)

version : 10.3(1)SR4 (string)

}

23 : { »

status : affected (string)

version : 11.0(1) (string)

}

24 : { »

status : affected (string)

version : 10.4(1)SR2 3rd Party (string)

}

25 : { »

status : affected (string)

version : 11.7(1) (string)

}

26 : { »

status : affected (string)

version : 12.1(1) (string)

}

27 : { »

status : affected (string)

version : 11.0(0.7) MPP (string)

}

28 : { »

status : affected (string)

version : 9.3(4) 3rd Party (string)

}

29 : { »

status : affected (string)

version : 12.5(1)SR2 (string)

}

30 : { »

status : affected (string)

version : 10.2(1)SR1 (string)

}

31 : { »

status : affected (string)

version : 9.3(4)SR3 3rd Party (string)

}

32 : { »

status : affected (string)

version : 10.2(1) (string)

}

33 : { »

status : affected (string)

version : 12.5(1) (string)

}

34 : { »

status : affected (string)

version : 10.3(1)SR2 (string)

}

35 : { »

status : affected (string)

version : 11-0-1MSR1-1 (string)

}

36 : { »

status : affected (string)

version : 10.4(1) 3rd Party (string)

}

37 : { »

status : affected (string)

version : 12.5(1)SR1 (string)

}

38 : { »

status : affected (string)

version : 11.5(1)SR1 (string)

}

39 : { »

status : affected (string)

version : 10.1(1)SR2 (string)

}

40 : { »

status : affected (string)

version : 12.0(1)SR2 (string)

}

41 : { »

status : affected (string)

version : 12.6(1) (string)

}

42 : { »

status : affected (string)

version : 10.3(1.11) 3rd Party (string)

}

43 : { »

status : affected (string)

version : 12.0(1) (string)

}

44 : { »

status : affected (string)

version : 12.0(1)SR1 (string)

}

45 : { »

status : affected (string)

version : 9.3(3) (string)

}

46 : { »

status : affected (string)

version : 12.5(1)SR3 (string)

}

47 : { »

status : affected (string)

version : 10.3(1)SR4b (string)

}

48 : { »

status : affected (string)

version : 9.3(4)SR1 3rd Party (string)

}

49 : { »

status : affected (string)

version : 10.3(1)SR5 (string)

}

50 : { »

status : affected (string)

version : 10.1(1.9) (string)

}

51 : { »

status : affected (string)

version : 10.3(1.9) 3rd Party (string)

}

52 : { »

status : affected (string)

version : 9.3(4)SR2 3rd Party (string)

}

53 : { »

status : affected (string)

version : 10.3(1)SR1 (string)

}

54 : { »

status : affected (string)

version : 10.3(1)SR3 (string)

}

55 : { »

status : affected (string)

version : 10.1(1)SR1 (string)

}

56 : { »

status : affected (string)

version : 12.0(1)SR3 (string)

}

57 : { »

status : affected (string)

version : 12.6(1)SR1 (string)

}

58 : { »

status : affected (string)

version : 12.7(1) (string)

}

59 : { »

status : affected (string)

version : 10.3(1)SR6 (string)

}

60 : { »

status : affected (string)

version : 12.8(1) (string)

}

61 : { »

status : affected (string)

version : 12.7(1)SR1 (string)

}

62 : { »

status : affected (string)

version : 11.0(2)SR1 (string)

}

63 : { »

status : affected (string)

version : 11.0(4) (string)

}

64 : { »

status : affected (string)

version : 11.0(2) (string)

}

65 : { »

status : affected (string)

version : 11.0(4)SR3 (string)

}

66 : { »

status : affected (string)

version : 11.0(5) (string)

}

67 : { »

status : affected (string)

version : 11.0(3)SR2 (string)

}

68 : { »

status : affected (string)

version : 11.0(3)SR4 (string)

}

69 : { »

status : affected (string)

version : 11.0(3)SR3 (string)

}

70 : { »

status : affected (string)

version : 11.0(2)SR2 (string)

}

71 : { »

status : affected (string)

version : 11.0(4)SR1 (string)

}

72 : { »

status : affected (string)

version : 11.0(5)SR3 (string)

}

73 : { »

status : affected (string)

version : 11.0(3) (string)

}

74 : { »

status : affected (string)

version : 11.0(5)SR2 (string)

}

75 : { »

status : affected (string)

version : 11.0(3)SR6 (string)

}

76 : { »

status : affected (string)

version : 11.0(5)SR1 (string)

}

77 : { »

status : affected (string)

version : 11.0(4)SR2 (string)

}

78 : { »

status : affected (string)

version : 11.0(3)SR1 (string)

}

79 : { »

status : affected (string)

version : 11.0(3)SR5 (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

vendor : Cisco (string)

product : Cisco Small Business IP Phones (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.4.8 (string)

}

1 : { »

status : affected (string)

version : 7.4.3 (string)

}

2 : { »

status : affected (string)

version : 7.5.5a (string)

}

3 : { »

status : affected (string)

version : 7.3.7 (string)

}

4 : { »

status : affected (string)

version : 7.5.2 (string)

}

5 : { »

status : affected (string)

version : 7.5.1 (string)

}

6 : { »

status : affected (string)

version : 7.4.6 (string)

}

7 : { »

status : affected (string)

version : 7.5.7 (string)

}

8 : { »

status : affected (string)

version : 7.4.4 (string)

}

9 : { »

status : affected (string)

version : 7.6.2SR3 (string)

}

10 : { »

status : affected (string)

version : 7.6.2 (string)

}

11 : { »

status : affected (string)

version : 7.5.6 (string)

}

12 : { »

status : affected (string)

version : 7.5.6c (string)

}

13 : { »

status : affected (string)

version : 7.6.0 (string)

}

14 : { »

status : affected (string)

version : 7.4.7 (string)

}

15 : { »

status : affected (string)

version : 7.6.2SR6 (string)

}

16 : { »

status : affected (string)

version : 7.5.2b (string)

}

17 : { »

status : affected (string)

version : 7.5.5 (string)

}

18 : { »

status : affected (string)

version : 7.5.6a (string)

}

19 : { »

status : affected (string)

version : 7.6.2SR2 (string)

}

20 : { »

status : affected (string)

version : 7.5.3 (string)

}

21 : { »

status : affected (string)

version : 7.5.2a (string)

}

22 : { »

status : affected (string)

version : 7.5.6(XU) (string)

}

23 : { »

status : affected (string)

version : 7.5.7s (string)

}

24 : { »

status : affected (string)

version : 7.6.2SR4 (string)

}

25 : { »

status : affected (string)

version : 7.6.2SR1 (string)

}

26 : { »

status : affected (string)

version : 7.4.9 (string)

}

27 : { »

status : affected (string)

version : 7.5.5b (string)

}

28 : { »

status : affected (string)

version : 7.6.2SR5 (string)

}

29 : { »

status : affected (string)

version : 7.5.4 (string)

}

30 : { »

status : affected (string)

version : 7.6.1 (string)

}

31 : { »

status : affected (string)

version : 7.6.2SR7 (string)

}

]

defaultStatus : unknown (string)

}

]

exploits : [ »

0 : { »

lang : en (string)

value : The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. (string)

}

]

references : [ »

0 : { »

url : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3 (string)

name : cisco-sa-ipphone-rce-dos-U2PsSkz3 (string)

}

1 : { »

url : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 (string)

name : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : cwe (string)

cweId : CWE-120 (string)

description : Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (string)

}

]

}

]

providerMetadata : { »

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

dateUpdated : 2024-11-18T15:42:00.388Z (string)

}

cveMetadata : { »

cveId : CVE-2021-1379 (string)

state : PUBLISHED (string)

dateUpdated : 2024-11-18T16:23:13.534Z (string)

dateReserved : 2020-11-13T00:00:00.000Z (string)

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

datePublished : 2024-11-18T15:42:00.388Z (string)

assignerShortName : cisco (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the Cisco&nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco&nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco&nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco&nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco&nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."}, {"lang": "es", "value": "Varias vulnerabilidades en las implementaciones de Cisco Discovery Protocol y Link Layer Discovery Protocol (LLDP) para los tel\u00e9fonos IP de Cisco de las series 68xx/78xx/88xx podr\u00edan permitir que un atacante adyacente no autenticado ejecute c\u00f3digo de forma remota o provoque una recarga de un tel\u00e9fono IP afectado. Estas vulnerabilidades se deben a la falta de comprobaciones cuando el tel\u00e9fono IP procesa un paquete Cisco Discovery Protocol o LLDP. Un atacante podr\u00eda explotar estas vulnerabilidades enviando un paquete Cisco Discovery Protocol o LLDP malicioso al tel\u00e9fono IP de destino. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo en el tel\u00e9fono IP afectado o hacer que se recargue inesperadamente, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Nota: Cisco Discovery Protocol es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de software que solucionan estas vulnerabilidades. No existen workarounds que solucionen estas vulnerabilidades."}], "id": "CVE-2021-1379", "lastModified": "2024-11-18T17:11:17.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Primary"}]}, "published": "2024-11-18T16:15:09.310", "references": [{"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"}, {"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "ykramarz@cisco.com", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. (string)

}

1 : { »

lang : es (string)

value : Varias vulnerabilidades en las implementaciones de Cisco Discovery Protocol y Link Layer Discovery Protocol (LLDP) para los teléfonos IP de Cisco de las series 68xx/78xx/88xx podrían permitir que un atacante adyacente no autenticado ejecute código de forma remota o provoque una recarga de un teléfono IP afectado. Estas vulnerabilidades se deben a la falta de comprobaciones cuando el teléfono IP procesa un paquete Cisco Discovery Protocol o LLDP. Un atacante podría explotar estas vulnerabilidades enviando un paquete Cisco Discovery Protocol o LLDP malicioso al teléfono IP de destino. Una explotación exitosa podría permitir al atacante ejecutar código en el teléfono IP afectado o hacer que se recargue inesperadamente, lo que resultaría en una condición de denegación de servicio (DoS). Nota: Cisco Discovery Protocol es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (adyacente a la capa 2). Cisco ha publicado actualizaciones de software que solucionan estas vulnerabilidades. No existen workarounds que solucionen estas vulnerabilidades. (string)

}

]

id : CVE-2021-1379 (string)

lastModified : 2024-11-18T17:11:17.393 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : ykramarz@cisco.com (string)

type : Primary (string)

}

]

}

published : 2024-11-18T16:15:09.310 (string)

references : [ »

0 : { »

source : ykramarz@cisco.com (string)

url : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3 (string)

}

1 : { »

source : ykramarz@cisco.com (string)

url : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 (string)

}

]

sourceIdentifier : ykramarz@cisco.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-120 (string)

}

]

source : ykramarz@cisco.com (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object