CVE-2024-20451

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 7, 2024
Updated: Aug 23, 2024
CWE ID 120

Summary

CVE-2024-20451 refers to multiple vulnerabilities discovered in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones. These vulnerabilities allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. The cause of these vulnerabilities is the improper handling of HTTP packets by the interface. An attacker could exploit this issue by sending malformed HTTP packets to the remote interface, potentially leading to a Denial of Service (DoS) condition on the device.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share