CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 17, 2021

High

CISA KEV

CVE-2021-27562

Arm—Trusted Firmware

Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-27562

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Unknown
Published: Nov 3, 2021
KEV Added: Nov 3, 2021
Due Date: Nov 17, 2021
Related Articles: 0

Vendor

Arm

Trusted Firmware