#VU57111 Absolute Path Traversal in Cisco Systems, Inc products - CVE-2021-34711
Published: October 7, 2021
Vulnerability identifier: #VU57111
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-34711
CWE-ID: CWE-36
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 8832
Cisco IP Phone 8800 Series
Cisco Wireless IP Phone 8821
IP Phone 7800 Series
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 8832
Cisco IP Phone 8800 Series
Cisco Wireless IP Phone 8821
IP Phone 7800 Series
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A local user can provide a specially crafted input to a debug shell command and read arbitrary files on the system.
Remediation
Install update from vendor's website.