CVE-2021-34711

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	MEDIUM
CVSS	5.5
EPSS	0.07% EPSS low
CWE	CWE-36
KEV
Published	4 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco IP Phones with Multiplatform Firmware	cisco-sa-ipphone-arbfileread-NPdtE2Ow	structured affected CSAF product_status
Cisco Session Initiation Protocol (SIP) Software	cisco-sa-ipphone-arbfileread-NPdtE2Ow	structured affected CSAF product_status