CVE-2024-20454

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 7, 2024

Updated: Aug 23, 2024

CWE ID 120

Summary

CVE-2024-20454 refers to multiple vulnerabilities discovered in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones. An unauthenticated, remote attacker can exploit these vulnerabilities by sending a maliciously crafted HTTP request. The underlying issue stems from improper handling of incoming HTTP packets, resulting in a buffer overflow. Successful exploitation grants the attacker root privileges to execute arbitrary commands on the affected device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SPA500

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xj5NEs
https://www.cve.org/CVERecord?id=CVE-2024-20454
https://nvd.nist.gov/vuln/detail/CVE-2024-20454

Back to Vulnerability Database