CVE-2024-20450

Name of the Vulnerable Software and Affected Versions Cisco Small Business SPA300 Series IP Phones (affected versions not specified) Cisco Small Business SPA500 Series IP Phones (affected versions not specified)

Description The issue is related to a buffer overflow vulnerability in the web-based management interface of the affected IP phones, caused by insufficient error checking of incoming HTTP packets. This could allow a remote attacker to execute arbitrary commands on the underlying operating system with root privileges by sending a crafted HTTP request. The vulnerability is actively being exploited.

Recommendations For Cisco Small Business SPA300 Series IP Phones, update to a version that includes the fix for this issue. For Cisco Small Business SPA500 Series IP Phones, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.