CVE-2021-34711

EPSS 0.07%
Published 06.10.2021 20:15:09
Last modified 21.11.2024 06:11:01
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ip Conference Phone 7832 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Conference Phone 7832 Version-

Cisco ≫ Ip Conference Phone 8832 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Conference Phone 8832 Version-

Cisco ≫ Ip Phone 7811 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7811 Version-

Cisco ≫ Ip Phone 7821 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7821 Version-

Cisco ≫ Ip Phone 7832 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7832 Version-

Cisco ≫ Ip Phone 7841 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7841 Version-

Cisco ≫ Ip Phone 7861 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7861 Version-

Cisco ≫ Ip Phone 8811 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8811 Version-

Cisco ≫ Ip Phone 8831 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8831 Version-

Cisco ≫ Ip Phones 8832 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phones 8832 Version-

Cisco ≫ Ip Phone 8841 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8841 Version-

Cisco ≫ Ip Phone 8845 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8845 Version-

Cisco ≫ Ip Phone 8851 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8851 Version-

Cisco ≫ Ip Phone 8861 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8861 Version-

Cisco ≫ Ip Phone 8865 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8865 Version-

Cisco ≫ Wireless Ip Phone 8821 Firmware Version < 11.0\(6\)sr2

Cisco ≫ Wireless Ip Phone 8821 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.177

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34711

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34711

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34711

EUVD