{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-1379","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2020-11-13T00:00:00.000Z","datePublished":"2024-11-18T15:42:00.388Z","dateUpdated":"2024-11-18T16:23:13.534Z"},"containers":{"cna":{"title":"Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the Cisco&nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco&nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco&nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco&nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco&nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco&nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3","name":"cisco-sa-ipphone-rce-dos-U2PsSkz3"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}],"source":{"advisory":"cisco-sa-ipphone-rce-dos-U2PsSkz3","discovery":"EXTERNAL","defects":["CSCvu59351"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","type":"cwe","cweId":"CWE-120"}]}],"affected":[{"vendor":"Cisco","product":"Cisco IP Phones with Multiplatform Firmware","versions":[{"version":"11.1.2","status":"affected"},{"version":"11.2.1","status":"affected"},{"version":"11.2.3","status":"affected"},{"version":"11.2.2","status":"affected"},{"version":"11.2.3 MSR1-1","status":"affected"},{"version":"11.1.2 MSR1-1","status":"affected"},{"version":"11.1.1","status":"affected"},{"version":"11.1.2 MSR3-1","status":"affected"},{"version":"11.0.0","status":"affected"},{"version":"11.1.1 MSR1-1","status":"affected"},{"version":"11.0.1","status":"affected"},{"version":"11.1.1 MSR2-1","status":"affected"},{"version":"11.2.4","status":"affected"},{"version":"11.0.1 MSR1-1","status":"affected"},{"version":"11.0.2","status":"affected"},{"version":"11.3.1","status":"affected"},{"version":"11.3.1 MSR1-3","status":"affected"},{"version":"11.3.2","status":"affected"},{"version":"11.3.1 MSR2-6","status":"affected"},{"version":"11.3.1 MSR3-3","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Cisco","product":"Cisco Session Initiation Protocol (SIP) Software","versions":[{"version":"9.0(3)","status":"affected"},{"version":"9.0(2)SR2","status":"affected"},{"version":"9.0(2)SR1","status":"affected"},{"version":"9.2(1)","status":"affected"},{"version":"9.4(2)SR1","status":"affected"},{"version":"9.4(2)","status":"affected"},{"version":"9.4(2)SR2","status":"affected"},{"version":"9.4(2)SR3","status":"affected"},{"version":"9.3(1)SR2","status":"affected"},{"version":"9.3(1)SR3","status":"affected"},{"version":"9.3(1)SR1","status":"affected"},{"version":"9.1(1)SR1","status":"affected"},{"version":"9.3(1)SR4","status":"affected"},{"version":"9.2(3)","status":"affected"},{"version":"9.2(1)SR2","status":"affected"},{"version":"9.3(1)","status":"affected"},{"version":"9.4(2)SR4","status":"affected"},{"version":"12.1(1)SR1","status":"affected"},{"version":"11.5(1)","status":"affected"},{"version":"10.3(2)","status":"affected"},{"version":"10.2(2)","status":"affected"},{"version":"10.3(1)","status":"affected"},{"version":"10.3(1)SR4","status":"affected"},{"version":"11.0(1)","status":"affected"},{"version":"10.4(1)SR2 3rd Party","status":"affected"},{"version":"11.7(1)","status":"affected"},{"version":"12.1(1)","status":"affected"},{"version":"11.0(0.7) MPP","status":"affected"},{"version":"9.3(4) 3rd Party","status":"affected"},{"version":"12.5(1)SR2","status":"affected"},{"version":"10.2(1)SR1","status":"affected"},{"version":"9.3(4)SR3 3rd Party","status":"affected"},{"version":"10.2(1)","status":"affected"},{"version":"12.5(1)","status":"affected"},{"version":"10.3(1)SR2","status":"affected"},{"version":"11-0-1MSR1-1","status":"affected"},{"version":"10.4(1) 3rd Party","status":"affected"},{"version":"12.5(1)SR1","status":"affected"},{"version":"11.5(1)SR1","status":"affected"},{"version":"10.1(1)SR2","status":"affected"},{"version":"12.0(1)SR2","status":"affected"},{"version":"12.6(1)","status":"affected"},{"version":"10.3(1.11) 3rd Party","status":"affected"},{"version":"12.0(1)","status":"affected"},{"version":"12.0(1)SR1","status":"affected"},{"version":"9.3(3)","status":"affected"},{"version":"12.5(1)SR3","status":"affected"},{"version":"10.3(1)SR4b","status":"affected"},{"version":"9.3(4)SR1 3rd Party","status":"affected"},{"version":"10.3(1)SR5","status":"affected"},{"version":"10.1(1.9)","status":"affected"},{"version":"10.3(1.9) 3rd Party","status":"affected"},{"version":"9.3(4)SR2 3rd Party","status":"affected"},{"version":"10.3(1)SR1","status":"affected"},{"version":"10.3(1)SR3","status":"affected"},{"version":"10.1(1)SR1","status":"affected"},{"version":"12.0(1)SR3","status":"affected"},{"version":"12.6(1)SR1","status":"affected"},{"version":"12.7(1)","status":"affected"},{"version":"10.3(1)SR6","status":"affected"},{"version":"12.8(1)","status":"affected"},{"version":"12.7(1)SR1","status":"affected"},{"version":"11.0(2)SR1","status":"affected"},{"version":"11.0(4)","status":"affected"},{"version":"11.0(2)","status":"affected"},{"version":"11.0(4)SR3","status":"affected"},{"version":"11.0(5)","status":"affected"},{"version":"11.0(3)SR2","status":"affected"},{"version":"11.0(3)SR4","status":"affected"},{"version":"11.0(3)SR3","status":"affected"},{"version":"11.0(2)SR2","status":"affected"},{"version":"11.0(4)SR1","status":"affected"},{"version":"11.0(5)SR3","status":"affected"},{"version":"11.0(3)","status":"affected"},{"version":"11.0(5)SR2","status":"affected"},{"version":"11.0(3)SR6","status":"affected"},{"version":"11.0(5)SR1","status":"affected"},{"version":"11.0(4)SR2","status":"affected"},{"version":"11.0(3)SR1","status":"affected"},{"version":"11.0(3)SR5","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Cisco","product":"Cisco Small Business IP Phones","versions":[{"version":"7.4.8","status":"affected"},{"version":"7.4.3","status":"affected"},{"version":"7.5.5a","status":"affected"},{"version":"7.3.7","status":"affected"},{"version":"7.5.2","status":"affected"},{"version":"7.5.1","status":"affected"},{"version":"7.4.6","status":"affected"},{"version":"7.5.7","status":"affected"},{"version":"7.4.4","status":"affected"},{"version":"7.6.2SR3","status":"affected"},{"version":"7.6.2","status":"affected"},{"version":"7.5.6","status":"affected"},{"version":"7.5.6c","status":"affected"},{"version":"7.6.0","status":"affected"},{"version":"7.4.7","status":"affected"},{"version":"7.6.2SR6","status":"affected"},{"version":"7.5.2b","status":"affected"},{"version":"7.5.5","status":"affected"},{"version":"7.5.6a","status":"affected"},{"version":"7.6.2SR2","status":"affected"},{"version":"7.5.3","status":"affected"},{"version":"7.5.2a","status":"affected"},{"version":"7.5.6(XU)","status":"affected"},{"version":"7.5.7s","status":"affected"},{"version":"7.6.2SR4","status":"affected"},{"version":"7.6.2SR1","status":"affected"},{"version":"7.4.9","status":"affected"},{"version":"7.5.5b","status":"affected"},{"version":"7.6.2SR5","status":"affected"},{"version":"7.5.4","status":"affected"},{"version":"7.6.1","status":"affected"},{"version":"7.6.2SR7","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-11-18T15:42:00.388Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-18T16:22:56.651830Z","id":"CVE-2021-1379","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-18T16:23:13.534Z"}}]}}