← Voltar para CVEs
CVE-2021-33478
MEDIUM6.8
Descricao
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
Detalhes CVE
Pontuacao CVSS v3.16.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataquePHYSICAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado7/22/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
cisco:ip_phone_8800_firmwarecisco:ip_phone_8800_series_with_multiplatform_firmwarecisco:ip_phone_8811_firmwarecisco:ip_phone_8811_with_multiplatform_firmwarecisco:ip_phone_8841_firmwarecisco:ip_phone_8841_with_multiplatform_firmwarecisco:ip_phone_8845_firmwarecisco:ip_phone_8845_with_multiplatform_firmwarecisco:ip_phone_8851_firmwarecisco:ip_phone_8851_with_multiplatform_firmwarecisco:ip_phone_8861_firmwarecisco:ip_phone_8861_with_multiplatform_firmwarecisco:ip_phone_8865_firmwarecisco:ip_phone_8865_with_multiplatform_firmwarecisco:wireless_ip_phone_8821_firmware
Fraquezas (CWE)
CWE-119
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh(cve@mitre.org)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.