Overview
Cisco (https://www.cisco.com) has announced a security advisory to address vulnerabilities in their supplied products. Users of the relevant systems are advised to refer to the main text and the reference site for more information.
Affected Products
Cisco Small Business SPA300 Series IP Phones
Cisco Small Business SPA500 Series IP Phones
Resolved Vulnerabilities
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Arbitrary Command Execution Vulnerabilities (CVE-2024-20450, CVE-2024-20452, CVE-2024-20454)
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI DoS Vulnerabilities (CVE-2024-20451, CVE-2024-20453)
Vulnerability Countermeasures
The Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones have entered the end-of-life process and no software updates will be released.
Customers should refer to the end-of-life announcements for these products.
Referenced Sites
[1] Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Article Link: Cisco Family August 2024 1st Security Advisory – ASEC