CVE-2024-20450
published 2024-08-07CVE-2024-20450: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones…
PriorityP178critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
7.22%
93.5th percentile
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.
These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is a crafted HTTP request to the web-based management interface of Cisco SPA300/SPA500 IP phones; detect anomalous or oversized HTTP requests targeting these devices' web UI ports ↗
- →The vulnerability results in a buffer overflow triggered by incoming HTTP packets not properly checked for errors; monitor for HTTP requests with abnormally large or malformed headers/bodies directed at SPA300/SPA500 management interfaces ↗
- →Successful exploitation results in arbitrary OS command execution at root privilege level; monitor for unexpected process spawning or root-level command execution originating from the web UI process on affected devices ↗
- →All five related flaws (CVE-2024-20450, CVE-2024-20451, CVE-2024-20452, CVE-2024-20453, CVE-2024-20454) are exploitable independently and affect all software releases on SPA300/SPA500 regardless of configuration; treat any unauthenticated HTTP traffic to these devices' management interfaces as high-risk ↗
- ·No software fix will be released; Cisco has not released and will not release patches for these vulnerabilities on SPA300/SPA500 devices, making network-level controls the only mitigation ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
vendor_cisco·2024-08-07·CVSS 9.8
CVE-2024-20450 [CRITICAL] CWE-120 Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service (DoS) condition.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz
Cisco
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2024-20450 [HIGH] Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
CVE-2024-20450: Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the
Severity: high
CVSS: 3.1
CWE: CWE-120, CWE-120
Bug IDs: CSCwk31988, CSCwk31988, CSCwk31988
GHSA
GHSA-63v5-86j4-m83w: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series
ghsa_unreviewed·2024-08-07
CVE-2024-20450 [CRITICAL] CWE-120 GHSA-63v5-86j4-m83w: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.
These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
No detection rules found.
No public exploits indexed.
Checkpoint
12th August – Threat Intelligence Report
blogs_checkpoint·2024-08-12
CVE-2024-27459 12th August – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 12th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 12th August, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Financial data systems of The Grand Palais which hosts Olympic events in France, were targeted by an undisclosed ransomware group. As part of the attack, also the financial systems of around 40 other French museums, including the Louvre and Grand Palais, were affected. The attack didn’t affect the museum’s operations nor th
Bleepingcomputer
Cisco warns of critical RCE zero-days in end of life IP phones
blogs_bleepingcomputer·2024-08-08·CVSS 9.8
CVE-2024-20450 [CRITICAL] Cisco warns of critical RCE zero-days in end of life IP phones
## Cisco warns of critical RCE zero-days in end of life IP phones
## Bill Toulas
The critical vulnerabilities are tracked as CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454.
These buffer overflow vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying OS with root privileges by sending a specially crafted HTTP request to the target device.
"A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level," warns Cisco in the bulletin .
The two high-severity flaws are CVE-2024-20451 and CVE-2024-20453. They are caused by inadequate checks on HTTP packets, which allow malicious packets to cause a denial of service on the affected device.
Cisco notes that all five
2024-08-07
Published