4.6
CVSSv2

CVE-2021-33478

Published: 22/07/2021 Updated: 02/08/2021
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate malicious user to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products prior to 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ip phone 8800 firmware

cisco ip phone 8800 series with multiplatform firmware

cisco ip phone 8811 firmware

cisco ip phone 8811 with multiplatform firmware

cisco ip phone 8841 firmware

cisco ip phone 8841 with multiplatform firmware

cisco ip phone 8845 firmware

cisco ip phone 8845 with multiplatform firmware

cisco ip phone 8851 firmware

cisco ip phone 8851 with multiplatform firmware

cisco ip phone 8861 firmware

cisco ip phone 8861 with multiplatform firmware

cisco ip phone 8865 with multiplatform firmware

cisco ip phone 8865 firmware

cisco wireless ip phone 8821 firmware

Vendor Advisories

A vulnerability in the TrustZone implementation in certain Broadcom MediaxChange firmware was reported by security researchers To exploit this vulnerability on the affected Cisco products, the attacker would need to dismount the backplate of the device and trigger a specific series of impulses on the chipset This would reload the device in a spe ...