{"id": "CVE-2021-34711", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-10-06T20:15:09.587", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-36"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system."}, {"lang": "es", "value": "Una vulnerabilidad en el shell de depuraci\u00f3n del software de Cisco IP Phone podr\u00eda permitir a un atacante local autenticado leer cualquier archivo del sistema de archivos del dispositivo. Esta vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad al proporcionar una entrada dise\u00f1ada a un comando del shell de depuraci\u00f3n. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer cualquier archivo en el sistema de archivos del dispositivo"}], "lastModified": "2023-11-07T03:36:09.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E42261E2-07EC-416E-A65C-7D85584DED32", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B9BC28D-0BC0-45CB-A87B-59F407F3A210", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38F67250-E4D0-48BE-928E-EF1BB4005940", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD40B5EB-D356-42D4-9464-67D0481460A9", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32D8B3FD-3157-49D3-A4BA-D4FAAB1B6D4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7832_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC5F5CAF-F0C4-41E4-A455-FB6A4D700A23", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67895EA8-C707-4228-A8A2-4654E2B912CA", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F83ED1C8-1655-46EC-B1F5-4BD1D519057D", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41F875DA-AF0C-49CE-8BC5-DD1E0702FACF", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8831_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B85805E6-8B5D-4677-9DDA-2FF5FB8F23C0", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8831:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF13D70B-1F27-4B3F-83FD-EF9688F1D123"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phones_8832_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1898FC60-6633-4322-9046-E1B8B85FF850", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phones_8832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6B980D4B-63D0-4786-AD62-FFE49FED33FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFACDCE6-95B3-45A7-86D3-18F3A78D5AF7", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "280BC438-AF6B-464B-A283-CE183C06E13B", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64E92C6B-5BA7-4C5F-B262-AE20F3951923", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E3B94C-BA7B-481A-AF4D-2FCF5E81D7B6", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9A7F857-A3D7-43DA-8E94-FDA0EE542C39", "versionEndExcluding": "14.1\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59A19DB2-1E3A-40AC-B265-878E9B568E8C", "versionEndExcluding": "11.0\\(6\\)sr2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F97DF354-7690-417E-B223-72C8BDA36DA7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}