CVE-2021-34711

Published: Oct 6, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

Affected (16)

Products: Cisco: Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 Firmware, Ip Phone 7811 Firmware, Ip Phone 7821 Firmware, Ip Phone 7832 Firmware, Ip Phone 7841 Firmware, Ip Phone 7861 Firmware, Ip Phone 8811 Firmware, Ip Phone 8831 Firmware, Ip Phones 8832 Firmware, Ip Phone 8841 Firmware, Ip Phone 8845 Firmware, Ip Phone 8851 Firmware, Ip Phone 8861 Firmware, Ip Phone 8865 Firmware, Wireless Ip Phone 8821 Firmware

Cisco

16 products

Ip Conference Phone 7832 Firmware

Ip Conference Phone 8832 Firmware

Ip Phone 7811 Firmware

Ip Phone 7821 Firmware

Ip Phone 7832 Firmware

Ip Phone 7841 Firmware

Ip Phone 7861 Firmware

Ip Phone 8811 Firmware

Ip Phone 8831 Firmware

Ip Phones 8832 Firmware

Ip Phone 8841 Firmware

Ip Phone 8845 Firmware

Ip Phone 8851 Firmware

Ip Phone 8861 Firmware

Ip Phone 8865 Firmware

Wireless Ip Phone 8821 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Conference Phone 7832 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Conference Phone 7832	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Conference Phone 8832 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Conference Phone 8832	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7811 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 7811	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7821 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 7821	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7832 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 7832	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7841 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 7841	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7861 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 7861	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8811 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 8811	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8831 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 8831	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phones 8832 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phones 8832	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8841 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 8841	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8845 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 8845	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8851 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 8851	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8861 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 8861	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8865 Firmware	Before 14.1\(1\)

Running on/with	Platform Versions
Cisco Ip Phone 8865	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Wireless Ip Phone 8821 Firmware	Before 11.0\(6\)sr2

Running on/with	Platform Versions
Cisco Wireless Ip Phone 8821	All versions

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-36

Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.