MEDIUM · 6.5

CVE-2021-1379

Vulnerability Description

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.

Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

Affected Products

Vendor | Product | Versions
Cisco | IP Conference Phone 7832 Firmware | < 12.8(1)
Cisco | IP Conference Phone 7832 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Conference Phone 7832 | -
Cisco | IP Conference Phone 8832 Firmware | < 12.8(1)
Cisco | IP Conference Phone 8832 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Conference Phone 8832 | -
Cisco | IP Phone 6821 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Phone 6821 | -
Cisco | IP Phone 6841 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Phone 6841 | -
Cisco | IP Phone 6851 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Phone 6851 | -
Cisco | IP Phone 6861 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Phone 6861 | -
Cisco | IP Phone 6871 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Phone 6871 | -
Cisco | IP Phone 7811 Firmware | < 12.8(1)
Cisco | IP Phone 7811 With Multiplatform Firmware | < 11.3(2)
Cisco | IP Phone 7811 | -
Cisco | IP Phone 7821 Firmware | < 12.8(1)

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-1379?

CVE-2021-1379 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adj...

How severe is CVE-2021-1379?

CVE-2021-1379 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2021-1379?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco IP Conference Phone 7832 Firmware, Cisco IP Conference Phone 7832 With Multiplatform Firmware, Cisco IP Conference Phone 7832, Cisco IP Conference Phone 8832 Firmware, Cisco IP Conference Phone 8832 With Multiplatform Firmware.