First published: Thu Jul 22 2021
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IP Phone 8800 Firmware | <14.0\(1\) | |
Cisco IP Phone 8800 Series With Multiplatform Firmware | <11.3\(4\) | |
Cisco IP Phone 8811 Firmware | <14.0\(1\) | |
Cisco IP Phone 8811 With Multiplatform Firmware | <11.3\(4\) | |
Cisco IP Phone 8841 Firmware | <14.0\(1\) | |
Cisco IP Phone 8841 With Multiplatform Firmware | <11.3\(4\) | |
Cisco IP Phone 8845 Firmware | <14.0\(1\) | |
Cisco IP Phone 8845 With Multiplatform Firmware | <11.3\(4\) | |
Cisco IP Phone 8851 Firmware | <14.0\(1\) | |
Cisco IP Phone 8851 With Multiplatform Firmware | <11.3\(4\) | |
Cisco IP Phone 8861 Firmware | <14.0\(1\) | |
Cisco IP Phone 8861 With Multiplatform Firmware | <11.3\(4\) | |
Cisco IP Phone 8865 Firmware | <14.0\(1\) | |
Cisco IP Phone 8865 With Multiplatform Firmware | <11.3\(4\) | |
Cisco Wireless IP Phone 8821 Firmware | <11.0\(6\)sr1 | |
CVE-2021-33478 is a vulnerability in the TrustZone implementation of certain Broadcom MediaxChange firmware that allows an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device.
Cisco IP Phones and Cisco Wireless IP Phones are affected by CVE-2021-33478.
CVE-2021-33478 stems from a flaw in the TrustZone implementation in certain Broadcom MediaxChange firmware, which allows an attacker to execute arbitrary code in the TEE of the affected device.
The severity of CVE-2021-33478 is medium, with a CVSS score of 6.8.
You can find more information about CVE-2021-33478 in the Cisco Security Advisory: [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh).