CVE-2021-1379
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X
Summary
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.3 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.3 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.2 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.2 MSR3-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.0 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.1 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.1 MSR2-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.4 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.1 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 MSR1-3 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 MSR2-6 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 MSR3-3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.0(3) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.0(2)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.0(2)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.2(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.4(2)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.4(2) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.4(2)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.4(2)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(1)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(1)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.1(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(1)SR4 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.2(3) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.2(1)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.4(2)SR4 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.1(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.5(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(2) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.2(2) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1)SR4 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.4(1)SR2 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.7(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.1(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(0.7) MPP | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(4) 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.5(1)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.2(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(4)SR3 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.2(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.5(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11-0-1MSR1-1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.4(1) 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.5(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.5(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.1(1)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.0(1)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.6(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1.11) 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.0(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.0(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(3) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.5(1)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1)SR4b | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(4)SR1 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1)SR5 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.1(1.9) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1.9) 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.3(4)SR2 3rd Party | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.1(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.0(1)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.6(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.7(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 10.3(1)SR6 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.8(1) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 12.7(1)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(2)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(4) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(2) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(4)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(5) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(3)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(3)SR4 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(3)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(2)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(4)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(5)SR3 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(3) | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(5)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(3)SR6 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(5)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(4)SR2 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(3)SR1 | affected |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 11.0(3)SR5 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.8 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.3 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.5a | affected |
| Cisco | Cisco Small Business IP Phones | 7.3.7 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.2 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.1 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.6 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.7 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.4 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR3 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6c | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.0 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.7 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR6 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.2b | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.5 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6a | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR2 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.3 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.2a | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6(XU) | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.7s | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR4 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR1 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.9 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.5b | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR5 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.4 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.1 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR7 | affected |
Weaknesses
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.