Cisco Family August 2024 1st Security Advisory

Overview
 

Cisco (https://www.cisco.com) has announced a security advisory to address vulnerabilities in their supplied products. Users of the relevant systems are advised to refer to the main text and the reference site for more information.

 

Affected Products

 

Cisco Small Business SPA300 Series IP Phones
Cisco Small Business SPA500 Series IP Phones

 

Resolved Vulnerabilities

 

Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Arbitrary Command Execution Vulnerabilities (CVE-2024-20450, CVE-2024-20452, CVE-2024-20454)
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI DoS Vulnerabilities (CVE-2024-20451, CVE-2024-20453)

 

Vulnerability Countermeasures

The Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones have entered the end-of-life process and no software updates will be released.

Customers should refer to the end-of-life announcements for these products.

 

 

Referenced Sites

 

[1] Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz

Article Link: Cisco Family August 2024 1st Security Advisory – ASEC