A vulnerability in the TrustZone implementation in certain Broadcom MediaxChange firmware was reported by security researchers. To exploit this vulnerability on the affected Cisco products, the attacker would need to dismount the backplate of the device and trigger a specific series of impulses on the chipset. This would reload the device in a special mode allowing access to the bootshell. The attacker would then issue specific commands with crafted parameters in the bootshell, which would trigger the vulnerability. Exploitation of this vulnerability could result in arbitrary code execution with privilege escalation.
At the time of publication, a link to the details about this vulnerability was not available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh”]
CPE | Name | Operator | Version |
---|---|---|---|
cisco ip phones with multiplatform firmware | eq | any | |
cisco ip phones with multiplatform firmware | eq | any |