BDU:2021-01241

Published: 03 Mar 2021
Source: fstec
CVSS3: 6.5
CVSS2: 6.1
EPSS: Low

Description

A vulnerability in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementation in the firmware of Cisco IP phones is caused by buffer overflow errors. Exploitation of the vulnerability may allow an attacker to cause a device reload and a denial of service.

Vendor

Cisco Systems Inc.

Software name

Cisco IP Phone 8865 with Multiplatform
Cisco IP Phone 8861 with Multiplatform
Cisco IP Conference Phone 8832 with Multiplatform
IP Conference Phone 7832 with Multiplatform
Cisco IP Phone 6821 with Multiplatform
Cisco IP Phone 6841 with Multiplatform
Cisco IP Phone 6851 with Multiplatform
Cisco IP Phone 6861 with Multiplatform
Cisco IP Phone 6871 with Multiplatform
Cisco IP Phone 7811 with Multiplatform
Cisco IP Phone 7821 with Multiplatform
Cisco IP Phone 7841 with Multiplatform
Cisco IP Phone 7861 with Multiplatform
Cisco IP Phone 8811 with Multiplatform
Cisco IP Phone 8841 with Multiplatform
Cisco IP Phone 8851 with Multiplatform
Cisco IP Phone 8845 with Multiplatform
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco IP Phone 8851
Cisco IP Phone 8861
Cisco IP Phone 8845
Cisco IP Phone 8865
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 8832
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco Unified IP 8831 Conference Phone
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX

Software version

before 11.3(1)SR1 (Cisco IP Phone 8865 with Multiplatform)
before 11.3.2 (Cisco IP Phone 8861 with Multiplatform)
before 11.3(2) (Cisco IP Conference Phone 8832 with Multiplatform)
before 11.3(2) (IP Conference Phone 7832 with Multiplatform)
before 11.3(2) (Cisco IP Phone 6821 with Multiplatform)
before 11.3(2) (Cisco IP Phone 6841 with Multiplatform)
before 11.3(2) (Cisco IP Phone 6851 with Multiplatform)
before 11.3(2) (Cisco IP Phone 6861 with Multiplatform)
before 11.3(2) (Cisco IP Phone 6871 with Multiplatform)
before 11.3(2) (Cisco IP Phone 7811 with Multiplatform)
before 11.3(2) (Cisco IP Phone 7821 with Multiplatform)
before 11.3(2) (Cisco IP Phone 7841 with Multiplatform)
before 11.3(2) (Cisco IP Phone 7861 with Multiplatform)
before 11.3(2) (Cisco IP Phone 8811 with Multiplatform)
before 11.3(2) (Cisco IP Phone 8841 with Multiplatform)
before 11.3(2) (Cisco IP Phone 8851 with Multiplatform)
before 11.3(2) (Cisco IP Phone 8845 with Multiplatform)
before 12.8(1) (Cisco IP Phone 8811)
before 12.8(1) (Cisco IP Phone 8841)
before 12.8(1) (Cisco IP Phone 8851)
before 12.8(1) (Cisco IP Phone 8861)
before 12.8(1) (Cisco IP Phone 8845)
before 12.8(1) (Cisco IP Phone 8865)
before 12.8(1) (Cisco IP Conference Phone 7832)
before 12.8(1) (Cisco IP Conference Phone 8832)
before 12.8(1) (Cisco IP Phone 7811)
before 12.8(1) (Cisco IP Phone 7821)
before 12.8(1) (Cisco IP Phone 7841)
before 12.8(1) (Cisco IP Phone 7861)
before 10.3(1) (Cisco Unified IP 8831 Conference Phone)
before 11.0(6.6) (Cisco Wireless IP Phone 8821)
before 11.0(6.6) (Cisco Wireless IP Phone 8821-EX)

Software type

Software of a network hardware/software appliance
Application software of information systems

Operating systems and hardware platforms

-

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 6.1)
Medium severity (CVSS 3.0 base score is 6.5)

Possible remediation measures

Follow the recommendations:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 26%
0.00091
Low

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Related vulnerabilities

CVSS3: 6.5
nvd
about 1 year ago

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released software updates that address these vulnerabilities. There are no work

CVSS3: 6.5
github
about 1 year ago

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released software updates that address these vulnerabilities. There are no wo...
