Jay Lv

**Name of the Vulnerable Software and Affected Versions** Cisco IP Phone software (affected versions not specified) **Description** A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This issue is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlueZ versions prior to 5.55 **Description** The issue is related to a double free error in the gatttool disconnect cb() routine from shared/att.c, caused by a redundant disconnect MGMT event. This could allow a remote attacker to potentially cause a denial of service or code execution during service discovery, leading to unauthorized access to confidential data, disruption of data integrity, and service disruption. **Recommendations** For versions prior to 5.55, update to version 5.55 or later to resolve the issue. As a temporary workaround, consider restricting service discovery to minimize the risk of exploitation.