First published: Wed Oct 06 2021
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IP Conference Phone 7832 Firmware | <14.1(1) | |
Cisco IP Conference Phone 7832 | | |
Cisco IP Conference Phone 8832 Firmware | <14.1(1) | |
Cisco IP Conference Phone 8832 | | |
Cisco IP Phone 7811 Firmware | <14.1(1) | |
Cisco IP Phone 7811 | | |
Cisco IP Phone 7821 Firmware | <14.1(1) | |
Cisco IP Phone 7821 | | |
Cisco IP Phone 7832 Firmware | <14.1(1) | |
Cisco IP Phone 7832 | | |
Cisco IP Phone 7841 Firmware | <14.1(1) | |
Cisco IP Phone 7841 | | |
Cisco IP Phone 7861 Firmware | <14.1(1) | |
Cisco IP Phone 7861 | | |
Cisco IP Phone 8811 Firmware | <14.1(1) | |
Cisco IP Phone 8811 | | |
Cisco IP Phone 8831 Firmware | <14.1(1) | |
Cisco IP Phone 8831 | | |
Cisco IP Phones 8832 Firmware | <14.1(1) | |
Cisco IP Phones 8832 | | |
Cisco IP Phone 8841 Firmware | <14.1(1) | |
Cisco IP Phone 8841 | | |
Cisco IP Phone 8845 Firmware | <14.1(1) | |
Cisco IP Phone 8845 | | |
Cisco IP Phone 8851 Firmware | <14.1(1) | |
Cisco IP Phone 8851 | | |
Cisco IP Phone 8861 Firmware | <14.1(1) | |
Cisco IP Phone 8861 | | |
Cisco IP Phone 8865 Firmware | <14.1(1) | |
Cisco IP Phone 8865 | | |
Cisco Wireless IP Phone 8821 Firmware | <11.0(6)sr2 | |
Cisco Wireless IP Phone 8821 | | |
CVE-2021-34711 is a vulnerability in the debug shell of Cisco IP Phone software that allows an authenticated, local attacker to read any file on the device file system.
This vulnerability is due to insufficient input validation in the debug shell of Cisco IP Phone software.
CVE-2021-34711 has a severity score of 5.5, which is considered medium.
CVE-2021-34711 affects firmware versions earlier than 14.1(1) for the Cisco IP Conference Phone 7832 and 8832, the Cisco IP Phone 7811, 7821, 7832, 7841, 7861, 8811, 8831, 8841, 8845, 8851, 8861 and 8865, and the Cisco IP Phones 8832, as well as Cisco Wireless IP Phone 8821 firmware earlier than 11.0(6)sr2.
To fix CVE-2021-34711, Cisco recommends upgrading to a fixed software release.