Details of VAR-202107-0879

ID

VAR-202107-0879

CVE

CVE-2021-33478

TITLE

Cisco IP Phone and Wireless IP Phone Buffer error vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-010126

DESCRIPTION

The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Broadcom Media exChange is a router firmware. A vulnerability in the TrustZone implementation in certain Broadcom MediaxChange firmware was reported by security researchers. To exploit this vulnerability on the affected Cisco products, the attacker would need to dismount the backplate of the device and trigger a specific series of impulses on the chipset. This would reload the device in a special mode allowing access to the bootshell. The attacker would then issue specific commands with crafted parameters in the bootshell, which would trigger the vulnerability. Exploitation of this vulnerability could result in arbitrary code execution with privilege escalation. At the time of publication, a link to the details about this vulnerability was not available. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh

Trust: 2.34

sources: NVD: CVE-2021-33478 // JVNDB: JVNDB-2021-010126 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-393523 // VULMON: CVE-2021-33478

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 8861 with multiplatform	scope:	lt	version:	11.3\(4\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8800	scope:	lt	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8800 series with multiplatform	scope:	lt	version:	11.3\(4\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	lt	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	lt	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845 with multiplatform	scope:	lt	version:	11.3\(4\)	Trust: 1.0
vendor:	cisco	model:	wireless ip phone 8821	scope:	lt	version:	11.0\(6\)sr1	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	lt	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865 with multiplatform	scope:	lt	version:	11.3\(4\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851 with multiplatform	scope:	lt	version:	11.3\(4\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811 with multiplatform	scope:	lt	version:	11.3\(4\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	lt	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	lt	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	lt	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841 with multiplatform	scope:	lt	version:	11.3\(4\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ip phone 8845 with multiplatform	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8841	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ip phone 8841 with multiplatform	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ip phone 8800 series with multiplatform	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ip phone 8851 with multiplatform	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8851	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8845	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8811	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8800	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ip phone 8811 with multiplatform	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010126 // NVD: CVE-2021-33478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33478
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33478
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202107-319
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-393523
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33478
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393523
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33478
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33478
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393523 // JVNDB: JVNDB-2021-010126 // CNNVD: CNNVD-202107-319 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-33478

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	Buffer error (CWE-119) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393523 // JVNDB: JVNDB-2021-010126 // NVD: CVE-2021-33478

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202107-319

PATCH

title:	cisco-sa-brcm-mxc-jul2021-26LqUZUh	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh	Trust: 0.8
title:	Broadcom Media exChange Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156167	Trust: 0.6
title:	Cisco: Broadcom MediaxChange Vulnerability Affecting Cisco Products: July 2021	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-brcm-mxc-jul2021-26LqUZUh	Trust: 0.1

sources: VULMON: CVE-2021-33478 // JVNDB: JVNDB-2021-010126 // CNNVD: CNNVD-202107-319

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33478	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010126	Trust: 0.8
db:	CS-HELP	id:	SB2021070816	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2333	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-319	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-393523	Trust: 0.1
db:	VULMON	id:	CVE-2021-33478	Trust: 0.1

sources: VULHUB: VHN-393523 // VULMON: CVE-2021-33478 // JVNDB: JVNDB-2021-010126 // CNNVD: CNNVD-202107-319 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-33478

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-brcm-mxc-jul2021-26lquzuh	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33478	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021070816	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2333	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6

sources: VULHUB: VHN-393523 // VULMON: CVE-2021-33478 // JVNDB: JVNDB-2021-010126 // CNNVD: CNNVD-202107-319 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-33478

SOURCES

db:	VULHUB	id:	VHN-393523
db:	VULMON	id:	CVE-2021-33478
db:	JVNDB	id:	JVNDB-2021-010126
db:	CNNVD	id:	CNNVD-202107-319
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-33478

LAST UPDATE DATE

2024-08-14T12:37:15.545000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393523	date:	2021-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-010126	date:	2022-06-22T02:01:00
db:	CNNVD	id:	CNNVD-202107-319	date:	2021-08-03T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-33478	date:	2021-08-02T15:38:07.013

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393523	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010126	date:	2022-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202107-319	date:	2021-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-33478	date:	2021-07-22T17:15:09.510