CVE-2024-20451
published 2024-08-07

CVE-2024-20451: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones…

Priority: P346 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.75% (50.4th percentile)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.

Affected

34 ranges · showing 25
Vendor | Product | Version range | Fixed in
cisco | cisco_small_business_ip_phones | |

CVSS provenance

nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_cisco · 9.8 · CRITICAL