CVE-2021-1379: Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-1379

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Source: NVD (National Vulnerability Database)

Vulnerability Description

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco IP Phone 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco IP Phone是美国思科（Cisco）公司的一个硬件设备。提供通话功能的IP电话。 Cisco IP Phone 存在安全漏洞，攻击者可利用此漏洞可能允许恶意用户在受影响的设备上执行代码或导致其意外重新加载。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Cisco	Cisco IP Phones with Multiplatform Firmware	11.1.2	-
Cisco	Cisco Session Initiation Protocol (SIP) Software	9.0(3)	-
Cisco	Cisco Small Business IP Phones	7.4.8	-

II. Public POCs for CVE-2021-1379

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-1379

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Cisco IP Phones with Multiplatform Firmware

Same vendor: Cisco

Same weakness: CWE-120

V. Comments for CVE-2021-1379

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-1379

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-1379

III. Intelligence Information for CVE-2021-1379

IV. Related Vulnerabilities

V. Comments for CVE-2021-1379

Leave a comment