CVE-2021-1379
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
EPSS 0.12% · 30.4th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ip_conference_phone_7832_with_multiplatform_firmware | 0 |
| Cisco | Cisco Small Business IP Phones | 7.4.7, 7.6.2SR1, 7.5.7s |
| cisco | ip_phone_8841_firmware | *, 0 |
| cisco | ip_phone_8851_firmware | 12.8\(1\), 0 |
| cisco | ip_phone_8861_firmware | 12.8\(1\), 0 |
| cisco | ip_phone_6841_with_multiplatform_firmware | 0 |
| cisco | spa525g_firmware | |
| cisco | ip_phone_7821_with_multiplatform_firmware | 0 |
| cisco | ip_phone_6821_with_multiplatform_firmware | 0 |
| cisco | ip_phone_6851_with_multiplatform_firmware | 0 |
| cisco | ip_phone_7841_firmware | 0, 12.8\(1\) |
| cisco | ip_phone_7841_with_multiplatform_firmware | 0 |
| cisco | ip_phone_8811_firmware | 0, * |
| cisco | ip_phone_6861_with_multiplatform_firmware | 0 |
| cisco | ip_phone_8851_with_multiplatform_firmware | 0 |
| cisco | ip_conference_phone_7832_firmware | 12.8\(1\), 0 |
| cisco | ip_phone_7811_firmware | 12.8\(1\), 0 |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.4, 11.1.1 MSR2-1, 11.0.1 MSR1-1 |
| cisco | ip_phone_8845_with_multiplatform_firmware | 0 |
| cisco | wireless_ip_phone_8821_firmware | 0 |
…and 17 more
Exploit Intelligence
Timeline
- Nov 18, 2024 CVE Published
- Nov 18, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 9, 2025 EPSS Score
- Apr 26, 2025 EPSS Score