CVE-2021-33478

EUVD-2021-20181

22.07.2021, 17:15

The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Affected Products (NVD)

Vendor	Product	Version
cisco	ip_phone_8800_firmware	𝑥 < 14.0\(1\)
cisco	ip_phone_8800_series_with_multiplatform_firmware	𝑥 < 11.3\(4\)
cisco	ip_phone_8811_firmware	𝑥 < 14.0\(1\)
cisco	ip_phone_8811_with_multiplatform_firmware	𝑥 < 11.3\(4\)
cisco	ip_phone_8841_firmware	𝑥 < 14.0\(1\)
cisco	ip_phone_8841_with_multiplatform_firmware	𝑥 < 11.3\(4\)
cisco	ip_phone_8845_firmware	𝑥 < 14.0\(1\)
cisco	ip_phone_8845_with_multiplatform_firmware	𝑥 < 11.3\(4\)
cisco	ip_phone_8851_firmware	𝑥 < 14.0\(1\)
cisco	ip_phone_8851_with_multiplatform_firmware	𝑥 < 11.3\(4\)
cisco	ip_phone_8861_firmware	𝑥 < 14.0\(1\)
cisco	ip_phone_8861_with_multiplatform_firmware	𝑥 < 11.3\(4\)
cisco	ip_phone_8865_firmware	𝑥 < 14.0\(1\)
cisco	ip_phone_8865_with_multiplatform_firmware	𝑥 < 11.3\(4\)
cisco	wireless_ip_phone_8821_firmware	𝑥 < 11.0\(6\)sr1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh