CVE-2021-34711
Cisco IP Phone Software Arbitrary File Read Vulnerability
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.
Una vulnerabilidad en el shell de depuración del software de Cisco IP Phone podría permitir a un atacante local autenticado leer cualquier archivo del sistema de archivos del dispositivo. Esta vulnerabilidad es debido a una comprobación de entrada insuficiente. Un atacante podría explotar esta vulnerabilidad al proporcionar una entrada diseñada a un comando del shell de depuración. Una explotación con éxito podría permitir al atacante leer cualquier archivo en el sistema de archivos del dispositivo
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-15 CVE Reserved
- 2021-10-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-36: Absolute Path Traversal
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ip Conference Phone 7832 Firmware Search vendor "Cisco" for product "Ip Conference Phone 7832 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Conference Phone 7832 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Conference Phone 7832 Search vendor "Cisco" for product "Ip Conference Phone 7832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Conference Phone 8832 Firmware Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Conference Phone 8832 Search vendor "Cisco" for product "Ip Conference Phone 8832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7811 Firmware Search vendor "Cisco" for product "Ip Phone 7811 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7811 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7811 Search vendor "Cisco" for product "Ip Phone 7811" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7821 Firmware Search vendor "Cisco" for product "Ip Phone 7821 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7821 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7821 Search vendor "Cisco" for product "Ip Phone 7821" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7832 Firmware Search vendor "Cisco" for product "Ip Phone 7832 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7832 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7832 Search vendor "Cisco" for product "Ip Phone 7832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7841 Firmware Search vendor "Cisco" for product "Ip Phone 7841 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7841 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7841 Search vendor "Cisco" for product "Ip Phone 7841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7861 Firmware Search vendor "Cisco" for product "Ip Phone 7861 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7861 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7861 Search vendor "Cisco" for product "Ip Phone 7861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8811 Firmware Search vendor "Cisco" for product "Ip Phone 8811 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8811 Search vendor "Cisco" for product "Ip Phone 8811" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8831 Firmware Search vendor "Cisco" for product "Ip Phone 8831 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8831 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8831 Search vendor "Cisco" for product "Ip Phone 8831" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phones 8832 Firmware Search vendor "Cisco" for product "Ip Phones 8832 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phones 8832 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phones 8832 Search vendor "Cisco" for product "Ip Phones 8832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8841 Firmware Search vendor "Cisco" for product "Ip Phone 8841 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8841 Search vendor "Cisco" for product "Ip Phone 8841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8845 Firmware Search vendor "Cisco" for product "Ip Phone 8845 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8845 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8845 Search vendor "Cisco" for product "Ip Phone 8845" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8851 Firmware Search vendor "Cisco" for product "Ip Phone 8851 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8851 Search vendor "Cisco" for product "Ip Phone 8851" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8861 Firmware Search vendor "Cisco" for product "Ip Phone 8861 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8861 Search vendor "Cisco" for product "Ip Phone 8861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8865 Firmware Search vendor "Cisco" for product "Ip Phone 8865 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8865 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8865 Search vendor "Cisco" for product "Ip Phone 8865" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Wireless Ip Phone 8821 Firmware Search vendor "Cisco" for product "Wireless Ip Phone 8821 Firmware" | < 11.0\(6\)sr2 Search vendor "Cisco" for product "Wireless Ip Phone 8821 Firmware" and version " < 11.0\(6\)sr2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Wireless Ip Phone 8821 Search vendor "Cisco" for product "Wireless Ip Phone 8821" | - | - |
Safe
|