CVE-2021-34711

MEDIUM Year: 2021
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-36
View all →

Vulnerability Description

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.

Related Vulnerabilities

CVE-2023-1176

MEDIUM
CVSS:5.3(Medium)

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

CWE-362023

CVE-2023-5390

MEDIUM
CVSS:5.3(Medium)

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files f...

CWE-362023

CVE-2024-10047

MEDIUM
CVSS:5.3(Medium)

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTT...

CWE-362024

CVE-2024-1703

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to ...

CWE-362024

CVE-2024-6097

MEDIUM
CVSS:5.3(Medium)

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

CWE-362024

CVE-2024-13945

HIGH
CVSS:6.0(Medium)

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: t...

CWE-362024