← Back to CVEs
CVE-2021-33478
MEDIUM6.8
Description
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
CVE Details
CVSS v3.1 Score6.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorPHYSICAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/22/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
cisco:ip_phone_8800_firmwarecisco:ip_phone_8800_series_with_multiplatform_firmwarecisco:ip_phone_8811_firmwarecisco:ip_phone_8811_with_multiplatform_firmwarecisco:ip_phone_8841_firmwarecisco:ip_phone_8841_with_multiplatform_firmwarecisco:ip_phone_8845_firmwarecisco:ip_phone_8845_with_multiplatform_firmwarecisco:ip_phone_8851_firmwarecisco:ip_phone_8851_with_multiplatform_firmwarecisco:ip_phone_8861_firmwarecisco:ip_phone_8861_with_multiplatform_firmwarecisco:ip_phone_8865_firmwarecisco:ip_phone_8865_with_multiplatform_firmwarecisco:wireless_ip_phone_8821_firmware
Weaknesses (CWE)
CWE-119
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh(cve@mitre.org)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.