CVE-2021-1379— Cisco IP Phone 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2021-1379 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Cisco IP Phone 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Cisco IP Phone是美国思科(Cisco)公司的一个硬件设备。提供通话功能的IP电话。 Cisco IP Phone 存在安全漏洞,攻击者可利用此漏洞可能允许恶意用户在受影响的设备上执行代码或导致其意外重新加载。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.2 | - | |
| Cisco | Cisco Session Initiation Protocol (SIP) Software | 9.0(3) | - | |
| Cisco | Cisco Small Business IP Phones | 7.4.8 | - |
二、漏洞 CVE-2021-1379 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2021-1379 的情报信息
请登录查看更多情报信息。
CVE-2021-1379 厂商安全公告 (2)
同批安全公告 · Cisco · 2024-11-18 · 共 28 条
| CVE-2020-27124 | 8.6 HIGH | Cisco ASA Software 安全漏洞 |
| CVE-2020-26071 | 8.4 HIGH | Cisco SD-WAN vEdge 路径遍历漏洞 |
| CVE-2020-26074 | 7.8 HIGH | Cisco?SD-WAN vManage 授权问题漏洞 |
| CVE-2020-26073 | 7.5 HIGH | Cisco?SD-WAN vManage 信息泄露漏洞 |
| CVE-2021-1440 | 6.8 MEDIUM | Cisco IOS XR 安全漏洞 |
| CVE-2021-1232 | 6.5 MEDIUM | Cisco SD-WAN vManage 安全漏洞 |
| CVE-2020-3539 | 6.3 MEDIUM | Cisco Data Center Network Manager 授权问题漏洞 |
| CVE-2021-1444 | 6.1 MEDIUM | Cisco Firepower Threat Defense(FTD)和Cisco Adaptive Security Appliances Software(ASA Softwa |
| CVE-2020-3431 | 6.1 MEDIUM | Cisco RV042 Dual WAN VPN Router和RV042G Dual Gigabit WAN VPN Router 跨站脚本漏洞 |
| CVE-2020-26067 | 5.4 MEDIUM | Cisco?Webex Teams 跨站脚本漏洞 |
| CVE-2020-26063 | 5.4 MEDIUM | Cisco?Integrated Management Controller 授权问题漏洞 |
| CVE-2020-26062 | 5.3 MEDIUM | Cisco?Integrated Management Controller 安全漏洞 |
| CVE-2020-3548 | 5.3 MEDIUM | Cisco AsyncOS TLS 安全漏洞 |
| CVE-2021-1234 | 5.3 MEDIUM | Cisco SD-WAN vManage 安全漏洞 |
| CVE-2021-1132 | 5.3 MEDIUM | Cisco?Network Services Orchestrator 安全漏洞 |
| CVE-2021-1424 | 5.3 MEDIUM | Cisco ASR 缓冲区错误漏洞 |
| CVE-2021-1461 | 4.9 MEDIUM | Cisco SD-WAN vEdge Router 数据伪造问题漏洞 |
| CVE-2020-3538 | 4.6 MEDIUM | Cisco Data Center Network Manager REST API端点输入验证错误漏洞 |
| CVE-2021-1465 | 4.3 MEDIUM | Cisco?SD-WAN vManage Software 输入验证错误漏洞 |
| CVE-2021-1425 | 4.3 MEDIUM | Cisco ESA/CSMA 安全漏洞 |
显示前 20 条,共 28 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2021-1379
暂无评论