Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU51233
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1379
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary error in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target IP phone or cause a denial of service (DoS) condition.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control: All versions
Cisco SPA525G 5-Line IP Phone: All versions
Cisco IP Conference Phone 7832: before 12.8.1 SR1
Cisco IP Conference Phone 7832 with Multiplatform Firmware: before 11.3.2
Cisco IP Conference Phone 8832: before 12.8.1 SR1
Cisco IP Conference Phone 8832 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 6821 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 6841 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 6851 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 6861 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 6871 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 7811: before 12.8.1 SR1
Cisco IP Phone 7811 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 7821: before 12.8.1 SR1
Cisco IP Phone 7821 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 7841: before 12.8.1 SR1
Cisco IP Phone 7841 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 7861: before 12.8.1 SR1
Cisco IP Phone 7861 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 8811: before 12.8.1 SR1
Cisco IP Phone 8811 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 8841: before 12.8.1 SR1
Cisco IP Phone 8841 with Multiplatform Firmware: before 11.3.2
Cisco Wireless IP Phone 8851: before 12.8.1 SR1
Cisco IP Phone 8851 with Multiplatform Firmware: before 11.3.2
Cisco IP Phone 8861: before 12.8.1 SR1
Cisco IP Phone 8861 with Multiplatform Firmware: before 11.3.2
Cisco Wireless IP Phone 8845: before 12.8.1 SR1
Cisco IP Phone 8845 with Multiplatform Firmware: before 11.3.2
Cisco Unified IP Conference Phone 8831: before 10.3.1 SR7
Cisco Wireless IP Phone 8821: before 11.0.6.6
Cisco Wireless IP Phone 8821-EX: before 11.0.6.6
Cisco IP Phone 8865: before 12.8.1 SR1
Cisco IP Phone 8865 with Multiplatform Firmware: before 11.3.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.