A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.
History

Thu, 07 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-10-06T19:46:32.157323Z

Updated: 2024-11-07T21:48:26.126Z

Reserved: 2021-06-15T00:00:00

Link: CVE-2021-34711

cve-icon Vulnrichment

Updated: 2024-08-04T00:19:48.078Z

cve-icon NVD

Status : Modified

Published: 2021-10-06T20:15:09.587

Modified: 2024-11-21T06:11:01.283

Link: CVE-2021-34711

cve-icon Redhat

No data.