CVE-2021-33478

The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	MEDIUM
CVSS	6.8
EPSS	0.13% EPSS low
CWE	CWE-119
KEV
Published	4 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco IP Phones with Multiplatform Firmware	cisco-sa-brcm-mxc-jul2021-26LqUZUh	structured affected CSAF product_status