// For flags

CVE-2021-34711

Cisco IP Phone Software Arbitrary File Read Vulnerability

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

Una vulnerabilidad en el shell de depuración del software de Cisco IP Phone podría permitir a un atacante local autenticado leer cualquier archivo del sistema de archivos del dispositivo. Esta vulnerabilidad es debido a una comprobación de entrada insuficiente. Un atacante podría explotar esta vulnerabilidad al proporcionar una entrada diseñada a un comando del shell de depuración. Una explotación con éxito podría permitir al atacante leer cualquier archivo en el sistema de archivos del dispositivo

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2021-06-15 CVE Reserved
  • 2021-10-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-36: Absolute Path Traversal
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ip Conference Phone 7832 Firmware
Search vendor "Cisco" for product "Ip Conference Phone 7832 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Conference Phone 7832 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Conference Phone 7832
Search vendor "Cisco" for product "Ip Conference Phone 7832"
--
Safe
Cisco
Search vendor "Cisco"
Ip Conference Phone 8832 Firmware
Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Conference Phone 8832
Search vendor "Cisco" for product "Ip Conference Phone 8832"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7811 Firmware
Search vendor "Cisco" for product "Ip Phone 7811 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 7811 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7811
Search vendor "Cisco" for product "Ip Phone 7811"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7821 Firmware
Search vendor "Cisco" for product "Ip Phone 7821 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 7821 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7821
Search vendor "Cisco" for product "Ip Phone 7821"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7832 Firmware
Search vendor "Cisco" for product "Ip Phone 7832 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 7832 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7832
Search vendor "Cisco" for product "Ip Phone 7832"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7841 Firmware
Search vendor "Cisco" for product "Ip Phone 7841 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 7841 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7841
Search vendor "Cisco" for product "Ip Phone 7841"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7861 Firmware
Search vendor "Cisco" for product "Ip Phone 7861 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 7861 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7861
Search vendor "Cisco" for product "Ip Phone 7861"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8811 Firmware
Search vendor "Cisco" for product "Ip Phone 8811 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8811
Search vendor "Cisco" for product "Ip Phone 8811"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8831 Firmware
Search vendor "Cisco" for product "Ip Phone 8831 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 8831 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8831
Search vendor "Cisco" for product "Ip Phone 8831"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phones 8832 Firmware
Search vendor "Cisco" for product "Ip Phones 8832 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phones 8832 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phones 8832
Search vendor "Cisco" for product "Ip Phones 8832"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8841 Firmware
Search vendor "Cisco" for product "Ip Phone 8841 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8841
Search vendor "Cisco" for product "Ip Phone 8841"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8845 Firmware
Search vendor "Cisco" for product "Ip Phone 8845 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 8845 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8845
Search vendor "Cisco" for product "Ip Phone 8845"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8851 Firmware
Search vendor "Cisco" for product "Ip Phone 8851 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8851
Search vendor "Cisco" for product "Ip Phone 8851"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8861 Firmware
Search vendor "Cisco" for product "Ip Phone 8861 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8861
Search vendor "Cisco" for product "Ip Phone 8861"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8865 Firmware
Search vendor "Cisco" for product "Ip Phone 8865 Firmware"
< 14.1\(1\)
Search vendor "Cisco" for product "Ip Phone 8865 Firmware" and version " < 14.1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8865
Search vendor "Cisco" for product "Ip Phone 8865"
--
Safe
Cisco
Search vendor "Cisco"
Wireless Ip Phone 8821 Firmware
Search vendor "Cisco" for product "Wireless Ip Phone 8821 Firmware"
< 11.0\(6\)sr2
Search vendor "Cisco" for product "Wireless Ip Phone 8821 Firmware" and version " < 11.0\(6\)sr2"
-
Affected
in Cisco
Search vendor "Cisco"
Wireless Ip Phone 8821
Search vendor "Cisco" for product "Wireless Ip Phone 8821"
--
Safe