PT-2021-3791 · Cisco · Cisco Ip Phone Series 8800

Ang Cui +2 · Published 2021-07-07 · Updated 2021-08-02 · CVE-2021-33478

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IP Phone series 8800 versions prior to 2021-07-07

Description

The issue is in the TrustZone implementation in the firmware of Cisco IP Phone series 8800. It is caused by a missing check on the size of copied data. An unauthenticated, physically proximate attacker could achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. Exploitation is possible only when the attacker can disassemble the device and control the voltage/current on the chip pins.

Recommendations

For versions prior to 2021-07-07, update the firmware to a version released after 2021-07-07 to resolve the issue. As a temporary workaround, consider restricting physical access to the device to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-04066
CVE-2021-33478

Affected Products

Cisco Ip Phone Series 8800