Buffer overflow in Cisco Ip_phone_8800_firmware
CVE-2021-33478
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected de…
Vulnerability class: Buffer Overflow
EPSS: 0.003 (21.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cisco Ip_phone_8800_firmware
- Cisco Ip_phone_8800_series_with_multiplatform_firmware
- Cisco Ip_phone_8811_firmware
- Cisco Ip_phone_8811_with_multiplatform_firmware
- Cisco Ip_phone_8841_firmware
- Cisco Ip_phone_8841_with_multiplatform_firmware
- Cisco Ip_phone_8845_firmware
- Cisco Ip_phone_8845_with_multiplatform_firmware
- Cisco Ip_phone_8851_firmware
- Cisco Ip_phone_8851_with_multiplatform_firmware
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-33478?
- CVE-2021-33478 is a medium-severity vulnerability in Cisco Ip_phone_8800_firmware, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 6.8/10. Published 2021-07-22.
- How severe is CVE-2021-33478?
- Medium severity. CVSS v3 base score is 6.8 out of 10.