Cyber Resilience

CVE-2021-1379

Medium

Published: 18 November 2024

Modified: 06 January 2026
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0012 (30.4th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-1379 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Cisco Unified IP Conference Phone 8831 Firmware. Its CVSS base score is 6.5 (Medium).

Operationally, it is ranked at the 30.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.

Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco, ip conference phone 7832 firmware: 12.8(1) · ≤ 12.8(1)
cisco, ip conference phone 7832 with multiplatform firmware: ≤ 11.3(2)
cisco, ip conference phone 8832 firmware: 12.8(1) · ≤ 12.8(1)
cisco, ip conference phone 8832 with multiplatform firmware: ≤ 11.3(2)
cisco, ip phone 6821 with multiplatform firmware: ≤ 11.3(2)
cisco, ip phone 6841 with multiplatform firmware: ≤ 11.3(2)
cisco, ip phone 6851 with multiplatform firmware: ≤ 11.3(2)
cisco, ip phone 6861 with multiplatform firmware: ≤ 11.3(2)
cisco, ip phone 6871 with multiplatform firmware: ≤ 11.3(2)
cisco, ip phone 7811 firmware: 12.8(1) · ≤ 12.8(1)
+24 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

References