What is CVE-2021-34711?

CVE-2021-34711 is a medium-severity vulnerability in Cisco Ip Phones With Multiplatform Firmware, classified under Absolute Path Traversal. CVSS score: 5.5/10. Published 2021-10-06.

How severe is CVE-2021-34711?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Path Traversal in Cisco Ip Phones With Multiplatform Firmware

CVE-2021-34711

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit th…

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Ip Phones With Multiplatform Firmware — versions n/a

Weakness classification (CWE)

CWE-36 — Absolute Path Traversal

References

20211006 Cisco IP Phone Software Arbitrary File Read Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2021-34711?: CVE-2021-34711 is a medium-severity vulnerability in Cisco Ip Phones With Multiplatform Firmware, classified under Absolute Path Traversal. CVSS score: 5.5/10. Published 2021-10-06.
How severe is CVE-2021-34711?: Medium severity. CVSS v3 base score is 5.5 out of 10.