Cisco warns of multiple critical remote code execution zero-day vulnerabilities in end-of-life Small Business SPA 300 and SPA 500 series IP phones.<\/p>\n\n\n\n
“Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service (DoS) condition.” reads the advisory<\/strong><\/a> published by the vendor.<\/em><\/p>\n\n\n\n
Aidan of BAE Systems Digital Intelligence discovered these vulnerabilities.<\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, Small Business IP Phones)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"