A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00067.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Cisco Cisco IP Phones with Multiplatform Firmware affected
Version Status Constraints
n/a affected

Configuration 1 [-]

AND
cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:cisco:ip_phone_7832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:cisco:ip_phone_8831_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8831:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:cisco:ip_phones_8832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phones_8832:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Cisco Subscribe
Ip Conference Phone 7832 Subscribe
Ip Conference Phone 7832 Firmware Subscribe
Ip Conference Phone 8832 Subscribe
Ip Conference Phone 8832 Firmware Subscribe
Ip Phone 7811 Subscribe
Ip Phone 7811 Firmware Subscribe
Ip Phone 7821 Subscribe
Ip Phone 7821 Firmware Subscribe
Ip Phone 7832 Subscribe
Ip Phone 7832 Firmware Subscribe
Ip Phone 7841 Subscribe
Ip Phone 7841 Firmware Subscribe
Ip Phone 7861 Subscribe
Ip Phone 7861 Firmware Subscribe
Ip Phone 8811 Subscribe
Ip Phone 8811 Firmware Subscribe
Ip Phone 8831 Subscribe
Ip Phone 8831 Firmware Subscribe
Ip Phone 8841 Subscribe
Ip Phone 8841 Firmware Subscribe
Ip Phone 8845 Subscribe
Ip Phone 8845 Firmware Subscribe
Ip Phone 8851 Subscribe
Ip Phone 8851 Firmware Subscribe
Ip Phone 8861 Subscribe
Ip Phone 8861 Firmware Subscribe
Ip Phone 8865 Subscribe
Ip Phone 8865 Firmware Subscribe
Ip Phones 8832 Subscribe
Ip Phones 8832 Firmware Subscribe
Wireless Ip Phone 8821 Subscribe
Wireless Ip Phone 8821 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2021-21361 A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow cve-icon cve-icon
History

Thu, 07 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-07T21:48:26.126Z

Reserved: 2021-06-15T00:00:00

Link: CVE-2021-34711

cve-icon Vulnrichment

Updated: 2024-08-04T00:19:48.078Z

cve-icon NVD

Status : Modified

Published: 2021-10-06T20:15:09.587

Modified: 2024-11-21T06:11:01.283

Link: CVE-2021-34711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses