从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞描述: - 漏洞类型:缓冲区溢出和拒绝服务(DoS)漏洞。 - 受影响产品:Cisco IP Phones Series 68xx/78xx/88xx。 - 漏洞原因:Cisco Discovery Protocol和Link Layer Discovery Protocol(LLDP)的实现中存在缺失检查,允许未经授权的攻击者远程执行代码或导致受影响IP电话重新加载。 - 漏洞利用:攻击者可以通过发送恶意Cisco Discovery Protocol或LLDP包到目标IP电话来利用这些漏洞。成功利用可以允许攻击者在受影响的IP电话上执行代码或导致其意外重新加载,从而导致拒绝服务(DoS)条件。 2. 受影响产品列表: - IP Conference Phone 7832 - IP Conference Phone 7832 with Multiplatform Firmware - IP Conference Phone 8832 - IP Conference Phone 8832 with Multiplatform Firmware - IP Phone 6821, 6841, 6851, 6861, 6871 with Multiplatform Firmware - IP Phone 7811, 7821, 7841, 7861 Desktop Phones - IP Phone 7811, 7821, 7841, 7861 Desktop Phones with Multiplatform Firmware - IP Phone 8811, 8841, 8851, 8861, 8845, 8865 Desktop Phones - IP Phone 8811, 8841, 8851, 8861, 8845, 8865 Desktop Phones with Multiplatform Firmware - Unified IP Conference Phone 8831 - Unified IP Conference Phone 8831 for Third-Party Call Control - Wireless IP Phone 8821, 8821-EX - Cisco SPA525G 5-Line IP Phone 3. 已确认不受影响的产品: - Cisco Unified IP Phone 6901 - Cisco Unified IP Phone 6911 - Cisco ATA 191 Analog Telephone Adapter - Cisco ATA 190 Analog Telephone Adapter - Webex Room Phone - Cisco Unified IP Phone 3905 - Cisco SPA112 2-Port Phone Adapter - Cisco SPA122 Analog Telephone Adapter (ATA) with Router - Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) - Cisco IP DECT 6800 Series with Multiplatform Firmware 4. 工作补丁: - 没有工作补丁可用。 5. 已修复的软件版本: - IP Conference Phone 8832 with Multiplatform Firmware - IP Phone 6821, 6841, 6851, 6861, 6871 with Multiplatform Firmware - IP Phone 7811, 7821, 7841, 7861 Desktop Phones - IP Phone 7811, 7821, 7841, 7861 Desktop Phones with Multiplatform Firmware - IP Phone 8811, 8841, 8851, 8861, 8845, 8865 Desktop Phones - IP Phone 8811, 8841, 8851, 8861, 8845, 8865 Desktop Phones with Multiplatform Firmware - Unified IP Conference Phone 8831 - Unified IP Conference Phone 8831 for Third-Party Call Control - SPA525G 5-Line IP Phone - Cisco Unified IP Phone 7900 Series - Wireless IP Phone 8821 and 8821-EX 6. 公开公告和利用情况: - 未发现任何公开公告或恶意利用这些漏洞的情况。 7. 来源: - 感谢Qian Chen of Qihoo 360 Nirvan Team报告这些漏洞。 8. 修订历史: - 版本1.0:初始公开发布。 这些信息提供了关于Cisco IP Phones缓冲区溢出和拒绝服务漏洞的详细描述,包括受影响的产品列表、已修复的软件版本以及来源等关键信息。