Details of VAR-202103-1591

ID

VAR-202103-1591

CVE

CVE-2021-1379

TITLE

Cisco IP Phone Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202103-304

DESCRIPTION

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Trust: 1.0

sources: NVD: CVE-2021-1379

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 7861	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	wireless ip phone 8821-ex	scope:	lt	version:	11.0\(6.6\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	spa525g	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ip conference phone 8832	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	unified ip conference phone 8831	scope:	lt	version:	10.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip conference phone 8832 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 6871 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	unified ip conference phone 8831 for third-party call control	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 6841 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip conference phone 7832	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip conference phone 7832	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	wireless ip phone 8821	scope:	lt	version:	11.0\(6.6\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip conference phone 8832	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 6861 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	eq	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 6851 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 6821 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	unified ip conference phone 8831	scope:	eq	version:	10.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip conference phone 7832 with multiplatform	scope:	lt	version:	11.3\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	lt	version:	12.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	lt	version:	12.8\(1\)	Trust: 1.0

sources: NVD: CVE-2021-1379

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2021-1379
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202103-304
value:	MEDIUM
Trust: 0.6

psirt@cisco.com:	CVE-2021-1379
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202103-304 // NVD: CVE-2021-1379

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.0

sources: NVD: CVE-2021-1379

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-304

PATCH

title:

Cisco IP Phone Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143405

Trust: 0.6

sources: CNNVD: CNNVD-202103-304

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1379	Trust: 1.6
db:	AUSCERT	id:	ESB-2021.0779	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-304	Trust: 0.6

sources: CNNVD: CNNVD-202103-304 // NVD: CVE-2021-1379

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipphone-rce-dos-u2psskz3	Trust: 1.0
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-distupd-n87eb6z3	Trust: 1.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipphone-rce-dos-u2psskz3	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ip-phone-multiple-vulnerabilities-via-cdp-lldp-34740	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0779	Trust: 0.6

sources: CNNVD: CNNVD-202103-304 // NVD: CVE-2021-1379

SOURCES

db:	CNNVD	id:	CNNVD-202103-304
db:	NVD	id:	CVE-2021-1379

LAST UPDATE DATE

2026-01-14T23:52:44.504000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202103-304	date:	2021-03-05T00:00:00
db:	NVD	id:	CVE-2021-1379	date:	2026-01-06T17:30:36.293

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202103-304	date:	2021-03-03T00:00:00
db:	NVD	id:	CVE-2021-1379	date:	2024-11-18T16:15:09.310