CVE-2024-20454

Name of the Vulnerable Software and Affected Versions Cisco Small Business SPA300 Series IP Phones (affected versions not specified) Cisco Small Business SPA500 Series IP Phones (affected versions not specified)

Description The issue is related to a buffer overflow vulnerability in the web-based management interface of the affected IP phones. This vulnerability exists because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.

Recommendations For Cisco Small Business SPA300 Series IP Phones, update the firmware to a version that includes the fix for this vulnerability. For Cisco Small Business SPA500 Series IP Phones, update the firmware to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.