CVE-2024-20451

Name of the Vulnerable Software and Affected Versions Cisco Small Business SPA300 Series IP Phones (affected versions not specified) Cisco Small Business SPA500 Series IP Phones (affected versions not specified)

Description The issue is related to the web-based management interface of the affected devices, where HTTP packets are not properly checked for errors, allowing an unauthenticated, remote attacker to cause the device to reload unexpectedly. This can be exploited by sending a crafted HTTP packet to the remote interface of the device, potentially leading to a denial-of-service (DoS) condition.

Recommendations For Cisco Small Business SPA300 Series IP Phones, update the firmware to a version that includes the fix for this issue. For Cisco Small Business SPA500 Series IP Phones, update the firmware to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.