CVE-2021-33478

6.8MEDIUM

Key Information:

Vendor: Cisco
Status: Ip Phone 8800 Series With Multiplatform Firmware; Ip Phone 8861 With Multiplatform Firmware; Ip Phone 8811 With Multiplatform Firmware; Ip Phone 8841 With Multiplatform Firmware
Vendor: CVE Published:; 22 July 2021

Summary

The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2021
Vulnerability Reserved
May 20, 2021