What is CVE-2024-20451?

CVE-2024-20451 is a high-severity vulnerability in Cisco Small Business Ip Phones, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.5/10. Published 2024-08-07.

How severe is CVE-2024-20451?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Cisco Small Business Ip Phones

CVE-2024-20451

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to…

Vulnerability class: Buffer Overflow

EPSS: 0.013 (80.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Small Business Ip Phones — versions 7.6.0, 7.6.2, 7.6.2SR3

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

cisco-sa-spa-http-vulns-RJZmX2Xz

Frequently asked questions

What is CVE-2024-20451?: CVE-2024-20451 is a high-severity vulnerability in Cisco Small Business Ip Phones, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.5/10. Published 2024-08-07.
How severe is CVE-2024-20451?: High severity. CVSS v3 base score is 7.5 out of 10.