PT-2019-1499 · Cisco · Cisco IP Phone
Published 2019-02-20 · Updated 2020-10-16 · CVE-2019-1684
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco IP Phone versions prior to 12.6(1)MN80
Description
The issue is caused by a lack of length validation of certain packet header fields in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementation. This could allow an attacker to cause a phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The attacker could exploit this by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone.
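A bounded LLDP TLV walker showing the two length checks whose absence produces this class of bug, as an added example that is not Cisco's code or part of the original advisory. The advisory does not name the affected fields, so the choice of the System Name TLV, the 32-byte `SYS_NAME_MAX` buffer, and all function and constant names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LLDP_TLV_END      0   /* End of LLDPDU TLV type */
#define LLDP_TLV_SYS_NAME 5   /* System Name TLV type */
#define SYS_NAME_MAX      32  /* assumed size of the local destination buffer */

enum { LLDP_OK = 0, LLDP_TRUNCATED = -1, LLDP_TOO_LONG = -2, LLDP_NO_END = -3 };

/* Walk the TLVs of an LLDPDU (bytes after the Ethernet header).
 * Each TLV starts with a 16-bit header: 7-bit type, 9-bit length. */
int lldp_parse(const uint8_t *buf, size_t len, char name[SYS_NAME_MAX + 1])
{
    size_t off = 0;
    name[0] = '\0';
    while (len - off >= 2) {
        uint16_t hdr = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        unsigned type = hdr >> 9;
        size_t tlv_len = hdr & 0x01FF;
        off += 2;
        /* Check 1: the declared length must fit in the bytes actually received. */
        if (tlv_len > len - off)
            return LLDP_TRUNCATED;
        if (type == LLDP_TLV_END)
            return LLDP_OK;
        if (type == LLDP_TLV_SYS_NAME) {
            /* Check 2: the declared length must fit the destination buffer. */
            if (tlv_len > SYS_NAME_MAX)
                return LLDP_TOO_LONG;
            memcpy(name, buf + off, tlv_len);
            name[tlv_len] = '\0';
        }
        off += tlv_len;
    }
    return LLDP_NO_END;  /* ran out of data without an End TLV */
}

int main(void)
{
    /* Constructed sample: System Name TLV declaring 255 bytes, carrying 1. */
    const uint8_t bad[] = { 0x0A, 0xFF, 'a' };
    char name[SYS_NAME_MAX + 1];
    printf("%d\n", lldp_parse(bad, sizeof bad, name));
    return 0;
}
```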
Recommendations
For versions prior to 12.6(1)MN80, update to version 12.6(1)MN80 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cisco Discovery Protocol and LLDP to minimize the risk of exploitation. Avoid using the vulnerable protocol implementations until the issue is resolved.
Fix
Buffer Overflow
Related Identifiers
Affected Products
Cisco IP Phone