CVE-2021-1379

Summary

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IP Phones with Multiplatform Firmware11.1.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.3affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.3 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2 MSR3-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.0affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1 MSR2-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.4affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.1 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR1-3affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR2-6affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR3-3affected
CiscoCisco Session Initiation Protocol (SIP) Software9.0(3)affected
CiscoCisco Session Initiation Protocol (SIP) Software9.0(2)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software9.0(2)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software9.2(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software9.4(2)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software9.4(2)affected
CiscoCisco Session Initiation Protocol (SIP) Software9.4(2)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software9.4(2)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(1)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(1)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software9.1(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(1)SR4affected
CiscoCisco Session Initiation Protocol (SIP) Software9.2(3)affected
CiscoCisco Session Initiation Protocol (SIP) Software9.2(1)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software9.4(2)SR4affected
CiscoCisco Session Initiation Protocol (SIP) Software12.1(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software11.5(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(2)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.2(2)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)SR4affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.4(1)SR2 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software11.7(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software12.1(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(0.7) MPPaffected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(4) 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software12.5(1)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software10.2(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(4)SR3 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software10.2(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software12.5(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software11-0-1MSR1-1affected
CiscoCisco Session Initiation Protocol (SIP) Software10.4(1) 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software12.5(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software11.5(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software10.1(1)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software12.0(1)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software12.6(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1.11) 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software12.0(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software12.0(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(3)affected
CiscoCisco Session Initiation Protocol (SIP) Software12.5(1)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)SR4baffected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(4)SR1 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)SR5affected
CiscoCisco Session Initiation Protocol (SIP) Software10.1(1.9)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1.9) 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software9.3(4)SR2 3rd Partyaffected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software10.1(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software12.0(1)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software12.6(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software12.7(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software10.3(1)SR6affected
CiscoCisco Session Initiation Protocol (SIP) Software12.8(1)affected
CiscoCisco Session Initiation Protocol (SIP) Software12.7(1)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(2)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(4)affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(2)affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(4)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(5)affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)SR4affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(2)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(4)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(5)SR3affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(5)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)SR6affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(5)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(4)SR2affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)SR1affected
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)SR5affected
CiscoCisco Small Business IP Phones7.4.8affected
CiscoCisco Small Business IP Phones7.4.3affected
CiscoCisco Small Business IP Phones7.5.5aaffected
CiscoCisco Small Business IP Phones7.3.7affected
CiscoCisco Small Business IP Phones7.5.2affected
CiscoCisco Small Business IP Phones7.5.1affected
CiscoCisco Small Business IP Phones7.4.6affected
CiscoCisco Small Business IP Phones7.5.7affected
CiscoCisco Small Business IP Phones7.4.4affected
CiscoCisco Small Business IP Phones7.6.2SR3affected
CiscoCisco Small Business IP Phones7.6.2affected
CiscoCisco Small Business IP Phones7.5.6affected
CiscoCisco Small Business IP Phones7.5.6caffected
CiscoCisco Small Business IP Phones7.6.0affected
CiscoCisco Small Business IP Phones7.4.7affected
CiscoCisco Small Business IP Phones7.6.2SR6affected
CiscoCisco Small Business IP Phones7.5.2baffected
CiscoCisco Small Business IP Phones7.5.5affected
CiscoCisco Small Business IP Phones7.5.6aaffected
CiscoCisco Small Business IP Phones7.6.2SR2affected
CiscoCisco Small Business IP Phones7.5.3affected
CiscoCisco Small Business IP Phones7.5.2aaffected
CiscoCisco Small Business IP Phones7.5.6(XU)affected
CiscoCisco Small Business IP Phones7.5.7saffected
CiscoCisco Small Business IP Phones7.6.2SR4affected
CiscoCisco Small Business IP Phones7.6.2SR1affected
CiscoCisco Small Business IP Phones7.4.9affected
CiscoCisco Small Business IP Phones7.5.5baffected
CiscoCisco Small Business IP Phones7.6.2SR5affected
CiscoCisco Small Business IP Phones7.5.4affected
CiscoCisco Small Business IP Phones7.6.1affected
CiscoCisco Small Business IP Phones7.6.2SR7affected

Weaknesses

  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References