Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2021-34711

Published: 06/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Cisco

Vulnerability Summary

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local malicious user to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the malicious user to read any file on the device file system.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ip_conference_phone_7832_firmware

cisco ip_conference_phone_8832_firmware

cisco ip_phone_7811_firmware

cisco ip_phone_7821_firmware

cisco ip_phone_7832_firmware

cisco ip_phone_7841_firmware

cisco ip_phone_7861_firmware

cisco ip_phone_8811_firmware

cisco ip_phone_8831_firmware

cisco ip_phones_8832_firmware

cisco ip_phone_8841_firmware

cisco ip_phone_8845_firmware

cisco ip_phone_8851_firmware

cisco ip_phone_8861_firmware

cisco ip_phone_8865_firmware

cisco wireless_ip_phone_8821_firmware

Vendor Advisories

Cisco: Cisco IP Phone Software Arbitrary File Read Vulnerability
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system This vulnerability is due to insufficient input validation An attacker could exploit this vulnerability by providing crafted input to a debug shell command A successful exploit could allow the atta ...

References

CWE-22https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Owhttps://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook