CVE-2021-1379
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2021-1379 refers to multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx. These flaws allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. The vulnerabilities arise from insufficient checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet, enabling an attacker to send a malicious packet and exploit the issue. To successfully exploit these vulnerabilities, the attacker must be in the same broadcast domain as the targeted device. Cisco has released software updates to mitigate these risks, and no workarounds are currently available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.