CVE-2024-20450
published 2024-08-07

CVE-2024-20450: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones…

Priority: P178 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.22% (93.5th percentile)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.

Affected

34 ranges · showing 25
Vendor | Product | Version range | Fixed in
cisco | cisco_small_business_ip_phones | |

Detection & IOCs (extracted from sources)

  • Exploit vector is a crafted HTTP request to the web-based management interface of Cisco SPA300/SPA500 IP phones; detect anomalous or oversized HTTP requests targeting these devices' web UI ports
  • The vulnerability results in a buffer overflow triggered by incoming HTTP packets not properly checked for errors; monitor for HTTP requests with abnormally large or malformed headers/bodies directed at SPA300/SPA500 management interfaces
  • Successful exploitation results in arbitrary OS command execution at root privilege level; monitor for unexpected process spawning or root-level command execution originating from the web UI process on affected devices
  • All five related flaws (CVE-2024-20450, CVE-2024-20451, CVE-2024-20452, CVE-2024-20453, CVE-2024-20454) are exploitable independently and affect all software releases on SPA300/SPA500 regardless of configuration; treat any unauthenticated HTTP traffic to these devices' management interfaces as high-risk
  • No software fix will be released; Cisco has not released and will not release patches for these vulnerabilities on SPA300/SPA500 devices, making network-level controls the only mitigation

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_cisco | 9.8 | CRITICAL