Lucene search

[email protected]NVD:CVE-2024-20450

HistoryAug 07, 2024 - 5:15 p.m.

CVE-2024-20450

2024-08-0717:15:50

CWE-120

[email protected]

web.nvd.nist.gov

cisco small business

spa300 series

spa500 series

ip phones

web-based management

remote code execution

buffer overflow

root privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges.

These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.

Affected configurations

Nvd

Node

ciscospa_301_firmware

AND

ciscospa_301_1_line_ip_phoneMatch-

Node

ciscospa_303_firmware

AND

ciscospa_303_3_line_ip_phoneMatch-

Node

ciscospa_501g_firmware

AND

ciscospa_501g_8-line_ip_phoneMatch-

Node

ciscospa_502g_firmware

AND

ciscospa_502g_1-line_ip_phoneMatch-

Node

ciscospa_504g_firmware

AND

ciscospa_504g_4-line_ip_phoneMatch-

Node

ciscospa_508g_firmware

AND

ciscospa_508g_8-line_ip_phoneMatch-

Node

ciscospa_509g_firmware

AND

ciscospa_509g_12-line_ip_phoneMatch-

Node

ciscospa_512g_firmware

AND

ciscospa_512g_1-line_ip_phoneMatch-

Node

ciscospa_514g_firmware

AND

ciscospa_514g_4-line_ip_phoneMatch-

Node

ciscospa_525g_firmware

AND

ciscospa_525g_5-line_ip_phoneMatch-

Node

ciscospa_525g2_firmware

AND

ciscospa_525g2_5-line_ip_phoneMatch-

VendorProductVersionCPE
ciscospa_301_firmware*cpe:2.3:o:cisco:spa_301_firmware:*:*:*:*:*:*:*:*
ciscospa_301_1_line_ip_phone-cpe:2.3:h:cisco:spa_301_1_line_ip_phone:-:*:*:*:*:*:*:*
ciscospa_303_firmware*cpe:2.3:o:cisco:spa_303_firmware:*:*:*:*:*:*:*:*
ciscospa_303_3_line_ip_phone-cpe:2.3:h:cisco:spa_303_3_line_ip_phone:-:*:*:*:*:*:*:*
ciscospa_501g_firmware*cpe:2.3:o:cisco:spa_501g_firmware:*:*:*:*:*:*:*:*
ciscospa_501g_8-line_ip_phone-cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:-:*:*:*:*:*:*:*
ciscospa_502g_firmware*cpe:2.3:o:cisco:spa_502g_firmware:*:*:*:*:*:*:*:*
ciscospa_502g_1-line_ip_phone-cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:-:*:*:*:*:*:*:*
ciscospa_504g_firmware*cpe:2.3:o:cisco:spa_504g_firmware:*:*:*:*:*:*:*:*
ciscospa_504g_4-line_ip_phone-cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	spa_301_firmware	*	cpe:2.3:o:cisco:spa_301_firmware::::::::
cisco	spa_301_1_line_ip_phone	-	cpe:2.3:h:cisco:spa_301_1_line_ip_phone:-:::::::*
cisco	spa_303_firmware	*	cpe:2.3:o:cisco:spa_303_firmware::::::::
cisco	spa_303_3_line_ip_phone	-	cpe:2.3:h:cisco:spa_303_3_line_ip_phone:-:::::::*
cisco	spa_501g_firmware	*	cpe:2.3:o:cisco:spa_501g_firmware::::::::
cisco	spa_501g_8-line_ip_phone	-	cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:-:::::::*
cisco	spa_502g_firmware	*	cpe:2.3:o:cisco:spa_502g_firmware::::::::
cisco	spa_502g_1-line_ip_phone	-	cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:-:::::::*
cisco	spa_504g_firmware	*	cpe:2.3:o:cisco:spa_504g_firmware::::::::
cisco	spa_504g_4-line_ip_phone	-	cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:-:::::::*