CVE-2024-20454
published 2024-08-07CVE-2024-20454: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones…
PriorityP277critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
6.60%
93.0th percentile
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.
These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
| cisco | cisco_small_business_ip_phones | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring for crafted HTTP requests targeting the web-based management interface of Cisco SPA300/SPA500 IP phones, which trigger a buffer overflow via malformed/oversized HTTP packets ↗
- →Monitor HTTP traffic to Cisco SPA300/SPA500 web management interfaces for anomalously large or malformed HTTP packets that do not conform to expected structure, indicative of buffer overflow exploitation (CWE-120) ↗
- →All five related flaws (CVE-2024-20450, CVE-2024-20452, CVE-2024-20454, CVE-2024-20451, CVE-2024-20453) affect SPA300 and SPA500 regardless of device configuration and are independently exploitable; alert on any unauthenticated HTTP requests to the management interface of these devices ↗
- ·No software fix is available and no workarounds exist; Cisco has not released and will not release patches for SPA300 or SPA500 series phones — network-level controls (e.g., blocking external access to the web management interface) are the only mitigation ↗
- ·All software releases running on SPA300 and SPA500 are vulnerable; there is no safe/patched version to allowlist or target for upgrade ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
vendor_cisco·2024-08-07·CVSS 9.8
CVE-2024-20450 [CRITICAL] CWE-120 Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service (DoS) condition.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz
Cisco
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2024-20454 [HIGH] Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
CVE-2024-20454: Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the
Severity: high
CVSS: 3.1
CWE: CWE-120, CWE-120
Bug IDs: CSCwk31988, CSCwk31988, CSCwk31988
GHSA
GHSA-5f4q-cvpm-g6rh: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series
ghsa_unreviewed·2024-08-07
CVE-2024-20454 [CRITICAL] CWE-120 GHSA-5f4q-cvpm-g6rh: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.
These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
No detection rules found.
No public exploits indexed.
Checkpoint
12th August – Threat Intelligence Report
blogs_checkpoint·2024-08-12
CVE-2024-27459 12th August – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 12th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 12th August, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Financial data systems of The Grand Palais which hosts Olympic events in France, were targeted by an undisclosed ransomware group. As part of the attack, also the financial systems of around 40 other French museums, including the Louvre and Grand Palais, were affected. The attack didn’t affect the museum’s operations nor th
Bleepingcomputer
Cisco warns of critical RCE zero-days in end of life IP phones
blogs_bleepingcomputer·2024-08-08·CVSS 9.8
CVE-2024-20450 [CRITICAL] Cisco warns of critical RCE zero-days in end of life IP phones
## Cisco warns of critical RCE zero-days in end of life IP phones
## Bill Toulas
The critical vulnerabilities are tracked as CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454.
These buffer overflow vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying OS with root privileges by sending a specially crafted HTTP request to the target device.
"A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level," warns Cisco in the bulletin .
The two high-severity flaws are CVE-2024-20451 and CVE-2024-20453. They are caused by inadequate checks on HTTP packets, which allow malicious packets to cause a denial of service on the affected device.
Cisco notes that all five
2024-08-07
Published