CVE-2021-33478
CVSS 3.1 base score: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD
Description
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
Affected (15)
Products: Cisco: IP Phone 8800 Firmware, IP Phone 8800 Series With Multiplatform Firmware, IP Phone 8811 Firmware, IP Phone 8811 With Multiplatform Firmware, IP Phone 8841 Firmware, IP Phone 8841 With Multiplatform Firmware, IP Phone 8845 Firmware, IP Phone 8845 With Multiplatform Firmware, IP Phone 8851 Firmware, IP Phone 8851 With Multiplatform Firmware, IP Phone 8861 Firmware, IP Phone 8861 With Multiplatform Firmware, IP Phone 8865 Firmware, IP Phone 8865 With Multiplatform Firmware, Wireless IP Phone 8821 Firmware
Configuration A
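| Vulnerable Software | Affected Versions |
|---|---|
| Cisco IP Phone 8800 Firmware | Before 14.0(1) |
| Cisco IP Phone 8800 Series With Multiplatform Firmware | Before 11.3(4) |
| Cisco IP Phone 8811 Firmware | Before 14.0(1) |
| Cisco IP Phone 8811 With Multiplatform Firmware | Before 11.3(4) |
| Cisco IP Phone 8841 Firmware | Before 14.0(1) |
| Cisco IP Phone 8841 With Multiplatform Firmware | Before 11.3(4) |
| Cisco IP Phone 8845 Firmware | Before 14.0(1) |
| Cisco IP Phone 8845 With Multiplatform Firmware | Before 11.3(4) |
| Cisco IP Phone 8851 Firmware | Before 14.0(1) |
| Cisco IP Phone 8851 With Multiplatform Firmware | Before 11.3(4) |
| Cisco IP Phone 8861 Firmware | Before 14.0(1) |
| Cisco IP Phone 8861 With Multiplatform Firmware | Before 11.3(4) |
| Cisco IP Phone 8865 Firmware | Before 14.0(1) |
| Cisco IP Phone 8865 With Multiplatform Firmware | Before 11.3(4) |
| Cisco Wireless IP Phone 8821 Firmware | Before 11.0(6)sr1 |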
References (2)
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory