Severity
Medium
Analysis Summary
CVE-2021-33478
Multiple Cisco products could allow a local attacker to execute arbitrary code on the system, caused by a flaw in TrustZone implementation in certain Broadcom MediaxChange firmware. By dismounting the backplate of the device and triggering a specific series of impulses on the chipset, an attacker could exploit this vulnerability to execute arbitrary code with privilege escalation.
Impact
- Unauthorized access
- Code execution
Affected Vendors
Cisco
Affected Products
- Cisco IP Phone 8851
- Cisco IP Phone 8865
- Cisco IP Phone 8811
- Cisco IP Phone 8845
- Cisco IP Phone 8861
- Cisco IP Phone 8800 Series
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.