#VU54621 Buffer overflow in Cisco Systems, Inc products - CVE-2021-33478
Published: July 8, 2021
Vulnerability identifier: #VU54621
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-33478
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IP Phone 8800 Series with Multiplatform Firmware
Cisco IP Phone 8811 with Multiplatform Firmware
Cisco IP Phone 8841 with Multiplatform Firmware
Cisco IP Phone 8851 with Multiplatform Firmware
Cisco IP Phone 8861 with Multiplatform Firmware
Cisco IP Phone 8845 with Multiplatform Firmware
Cisco IP Phone 8865 with Multiplatform Firmware
Cisco IP Phone 8845
Cisco IP Phone 8800 Series
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco IP Phone 8851
Cisco Wireless IP Phone 8821
Cisco IP Phone 8865
Cisco IP Phone 8861
Cisco IP Phone 8800 Series with Multiplatform Firmware
Cisco IP Phone 8811 with Multiplatform Firmware
Cisco IP Phone 8841 with Multiplatform Firmware
Cisco IP Phone 8851 with Multiplatform Firmware
Cisco IP Phone 8861 with Multiplatform Firmware
Cisco IP Phone 8845 with Multiplatform Firmware
Cisco IP Phone 8865 with Multiplatform Firmware
Cisco IP Phone 8845
Cisco IP Phone 8800 Series
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco IP Phone 8851
Cisco Wireless IP Phone 8821
Cisco IP Phone 8865
Cisco IP Phone 8861
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the TrustZone implementation. An attacker with physical access can dismount the backplate of the device, trigger a specific series of impulses on the chipset and execute arbitrary code on the target system.
Remediation
Install updates from vendor's website.