#VU51233 Buffer overflow in Cisco Systems, Inc products - CVE-2021-1379
Published: March 4, 2021
Vulnerability identifier: #VU51233
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-1379
CWE-ID: CWE-119
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
Cisco SPA525G 5-Line IP Phone
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 7832 with Multiplatform Firmware
Cisco IP Conference Phone 8832
Cisco IP Conference Phone 8832 with Multiplatform Firmware
Cisco IP Phone 6821 with Multiplatform Firmware
Cisco IP Phone 6841 with Multiplatform Firmware
Cisco IP Phone 6851 with Multiplatform Firmware
Cisco IP Phone 6861 with Multiplatform Firmware
Cisco IP Phone 6871 with Multiplatform Firmware
Cisco IP Phone 7811
Cisco IP Phone 7811 with Multiplatform Firmware
Cisco IP Phone 7821
Cisco IP Phone 7821 with Multiplatform Firmware
Cisco IP Phone 7841
Cisco IP Phone 7841 with Multiplatform Firmware
Cisco IP Phone 7861
Cisco IP Phone 7861 with Multiplatform Firmware
Cisco IP Phone 8811
Cisco IP Phone 8811 with Multiplatform Firmware
Cisco IP Phone 8841
Cisco IP Phone 8841 with Multiplatform Firmware
Cisco Wireless IP Phone 8851
Cisco IP Phone 8851 with Multiplatform Firmware
Cisco IP Phone 8861 with Multiplatform Firmware
Cisco Wireless IP Phone 8845
Cisco IP Phone 8845 with Multiplatform Firmware
Cisco Unified IP Conference Phone 8831
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX
Cisco IP Phone 8865 with Multiplatform Firmware
Cisco IP Phone 8861
Cisco IP Phone 8865
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary error in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target IP phone or cause a denial of service (DoS) condition.
Remediation
Install updates from the vendor's website.