Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model

May 05, 2023Ravie LakshmananVulnerability / Network Security

Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices.

The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for reporting the shortcoming.

The product in question makes it possible to connect analog phones and fax machines to a VoIP service provider without requiring an upgrade.

Cybersecurity

“This vulnerability is due to a missing authentication process within the firmware upgrade function,” the company said in a bulletin.

“An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges.”

Despite the severity of the flaw, the networking equipment maker said it does not intend to release fixes due to the fact the devices have reached end-of-life (EoL) status as of June 1, 2020.

It instead is recommending that users migrate to a Cisco ATA 190 Series Analog Telephone Adapter, which is set to receive its last update on March 31, 2024. There is no evidence that the flaw has been maliciously exploited in the wild.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Cyber Security

Articles You May Like

Asus Zenfone 11 Ultra Scheduled to Launch on March 14, Will Offer AI Capabilities
OnePlus Watch 2 India Launch Date, Design, Details Confirmed; Pre-Reservations Now Open
RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers
Alibaba bets on overseas e-commerce unit amid sluggish growth in China
iQoo Neo 9 Pro With Snapdragon 8 Gen 2 Chip, 50-Megapixel Camera Launched in India: Price, Specifications

Leave a Reply

Your email address will not be published. Required fields are marked *