Oct 06, 2021 - 8:15 p.m.

CVE-2021-34711

2021-10-06 20:15:09
CWE-36
CWE-22
web.nvd.nist.gov
22
cisco
ip phone
vulnerability
debug shell
file system
unauthorized access
security
nvd
cve-2021-34711

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.2 Medium
Confidence: High

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.0004 Low
Percentile: 9.9%

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

Affected configurations

NVD
Node: cisco ip_conference_phone_7832 (Match -) AND cisco ip_conference_phone_7832_firmware (Range <14.1\(1\))
Node: cisco ip_conference_phone_8832 (Match -) AND cisco ip_conference_phone_8832_firmware (Range <14.1\(1\))
Node: cisco ip_phone_7811 (Match -) AND cisco ip_phone_7811_firmware (Range <14.1\(1\))
Node: cisco ip_phone_7821 (Match -) AND cisco ip_phone_7821_firmware (Range <14.1\(1\))
Node: cisco ip_phone_7832 (Match -) AND cisco ip_phone_7832_firmware (Range <14.1\(1\))
Node: cisco ip_phone_7841 (Match -) AND cisco ip_phone_7841_firmware (Range <14.1\(1\))
Node: cisco ip_phone_7861 (Match -) AND cisco ip_phone_7861_firmware (Range <14.1\(1\))
Node: cisco ip_phone_8811 (Match -) AND cisco ip_phone_8811_firmware (Range <14.1\(1\))
Node: cisco ip_phone_8831_firmware (Range <14.1\(1\)) AND cisco ip_phone_8831 (Match -)
Node: cisco ip_phones_8832_firmware (Range <14.1\(1\)) AND cisco ip_phones_8832 (Match -)
Node: cisco ip_phone_8841_firmware (Range <14.1\(1\)) AND cisco ip_phone_8841 (Match -)
Node: cisco ip_phone_8845_firmware (Range <14.1\(1\)) AND cisco ip_phone_8845 (Match -)
Node: cisco ip_phone_8851_firmware (Range <14.1\(1\)) AND cisco ip_phone_8851 (Match -)
Node: cisco ip_phone_8861_firmware (Range <14.1\(1\)) AND cisco ip_phone_8861 (Match -)
Node: cisco ip_phone_8865_firmware (Range <14.1\(1\)) AND cisco ip_phone_8865 (Match -)
Node: cisco wireless_ip_phone_8821_firmware (Range <11.0\(6\)sr2) AND cisco wireless_ip_phone_8821 (Match -)

CNA Affected

[
  {
    "product": "Cisco IP Phones with Multiplatform Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
