Cisco IP Phones Vulnerabilities: Remote Hackers Can Take Over Devices, No Fixes Available

Cisco Small Business SPA300 and SPA500 Series IP Phones are vulnerable to remote command execution and DoS attacks because incoming HTTP packets are not properly checked. The command execution vulnerabilities carry a CVSS score of 9.8 and the DoS vulnerabilities 7.5; attackers can execute commands or cause the device to reload. No fixes or workarounds are available.

Hot Take:

Who knew that trying to reach customer service on a Cisco IP phone could lead to a hacker reaching the root of your system? Looks like the only busy signal you’ll get is from the DoS attack!

Key Points:

  • Multiple vulnerabilities identified in Cisco Small Business SPA300 and SPA500 Series IP Phones.
  • Vulnerabilities allow unauthenticated, remote attackers to execute arbitrary commands with root privileges.
  • No software updates or workarounds have been released by Cisco yet.
  • High Security Impact Rating (SIR) and CVSS Base Score of 9.8 for command execution vulnerabilities.
  • High Security Impact Rating (SIR) and CVSS Base Score of 7.5 for DoS vulnerabilities.

The Nimble Nerd