End-of-Life Cisco IP Phones Hit by Critical RCE Vulnerabilities

End-of-Life Cisco IP Phones Hit by Critical RCE Vulnerabilities

ยท

2 min read

Executive Summary

Cisco has issued an alert regarding several critical vulnerabilities that allow remote code execution on the web management interface of the discontinued SPA 300 and SPA 500 series IP phones. These devices are no longer supported, and Cisco has not provided any fixes or mitigation strategies, recommending that users upgrade to current, supported models immediately.

The security flaws disclosed include three critical vulnerabilities (CVSS v3.1 score: 9.8) and two high-severity ones (CVSS v3.1 score: 7.5). The critical issues, identified as CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454, involve buffer overflow vulnerabilities. These allow a remote attacker without authentication to execute arbitrary commands on the device's operating system with the highest level of privileges through specially crafted HTTP requests.

Cisco's bulletin highlights that a successful exploit of these vulnerabilities could lead to unauthorized command execution at the root level due to buffer overflow.

The high-severity vulnerabilities, CVE-2024-20451 and CVE-2024-20453, stem from insufficient validation of HTTP packets, which could lead to denial-of-service attacks.

These vulnerabilities affect all software versions on the SPA 300 and SPA 500 series phones and can be exploited independently of each other.

In terms of support, the SPA 300 series was last sold in February 2019 and reached end of support in February 2022. The SPA 500 series was discontinued on June 1, 2020, the same day it reached end of support, although it will remain covered under certain service contracts or warranty conditions until May 31, 2025. The SPA 300 series, however, will not receive any further coverage or updates after February 29, 2024.

Users are encouraged to migrate to newer models like the Cisco IP Phone 8841 or those from the Cisco 6800 series through Cisco's Technology Migration Program (TMP), which offers credits for trading in eligible devices. For further guidance, users should contact Cisco's Technical Assistance Center (TAC).

References

https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/small-business-spa300-series-ip-phones/eos-eol-notice-c51-741208.html

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz

Did you find this article valuable?

Support The Intel Chronicles by becoming a sponsor. Any amount is appreciated!

ย