Rewterz Threat Advisory – CVE-2021-22125 – FortiSandbox Command Injection in Sniffer Module
July 9, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
July 9, 2021Rewterz Threat Advisory – CVE-2021-22125 – FortiSandbox Command Injection in Sniffer Module
July 9, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
July 9, 2021Severity
Medium
Analysis Summary
CVE-2021-33478
Multiple Cisco products could allow a local attacker to execute arbitrary code on the system, caused by a flaw in TrustZone implementation in certain Broadcom MediaxChange firmware. By dismounting the backplate of the device and triggering a specific series of impulses on the chipset, an attacker could exploit this vulnerability to execute arbitrary code with privilege escalation.
Impact
- Unauthorized access
- Code execution
Affected Vendors
Cisco
Affected Products
- Cisco IP Phone 8851
- Cisco IP Phone 8865
- Cisco IP Phone 8811
- Cisco IP Phone 8845
- Cisco IP Phone 8861
- Cisco IP Phone 8800 Series
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.