Lucene search

[email protected]CVE-2021-34711

HistoryOct 06, 2021 - 8:15 p.m.

CVE-2021-34711

2021-10-0620:15:09

CWE-36

CWE-22

[email protected]

web.nvd.nist.gov

cisco

ip phone

vulnerability

debug shell

file system

unauthorized access

security

nvd

cve-2021-34711

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.9%

JSON

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

Affected configurations

NVD

Node

ciscoip_conference_phone_7832Match-

AND

ciscoip_conference_phone_7832_firmwareRange<14.1\(1\)

Node

ciscoip_conference_phone_8832Match-

AND

ciscoip_conference_phone_8832_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7811Match-

AND

ciscoip_phone_7811_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7821Match-

AND

ciscoip_phone_7821_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7832Match-

AND

ciscoip_phone_7832_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7841Match-

AND

ciscoip_phone_7841_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7861Match-

AND

ciscoip_phone_7861_firmwareRange<14.1\(1\)

Node

ciscoip_phone_8811Match-

AND

ciscoip_phone_8811_firmwareRange<14.1\(1\)

Node

ciscoip_phone_8831_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8831Match-

Node

ciscoip_phones_8832_firmwareRange<14.1\(1\)

AND

ciscoip_phones_8832Match-

Node

ciscoip_phone_8841_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8841Match-

Node

ciscoip_phone_8845_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8845Match-

Node

ciscoip_phone_8851_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8851Match-

Node

ciscoip_phone_8861_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8861Match-

Node

ciscoip_phone_8865_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8865Match-

Node

ciscowireless_ip_phone_8821_firmwareRange<11.0\(6\)sr2

AND

ciscowireless_ip_phone_8821Match-

CPENameOperatorVersion
cisco:ip_conference_phone_7832_firmwarecisco ip conference phone 7832 firmwarelt14.1\(1\)

CPE	Name	Operator	Version
cisco:ip_conference_phone_7832_firmware	cisco ip conference phone 7832 firmware	lt	14.1\(1\)

CNA Affected

[
  {
    "product": "Cisco IP Phones with Multiplatform Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for CVE-2021-34711

nessus1 prion1 cvelist1 cisco1 nvd1