Cisco has warned of a critical security flaw in SPA112 2-port phone adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices.
The issue, tracked as CVE-2023-20126, has a score of 9.8 out of a maximum of 10 in the CVSS scoring system. The company credited DBappSecurity’s Catalpa for reporting the flaw.
The product in question allows analog telephones and fax machines to be connected to a VoIP service provider without the need for an upgrade.
“This vulnerability is due to a missing authentication process within the firmware update function,” the company said in a bulletin.
“An attacker could exploit this vulnerability by updating an affected device to an engineered version of the firmware. A successful exploit could allow an attacker to execute arbitrary code on the affected device with full privileges.”
Despite the severity of the flaw, the networking equipment maker said it does not intend to release fixes due to the fact that the devices have reached the end-of-life (EoL) state as of 1 June 2020.
Instead, it recommends that users migrate to a Cisco ATA 190 series analog phone adapter, which will receive its latest update on March 31, 2024. There is no evidence that the flaw has been maliciously exploited in the wild .
Cisco has warned of a vulnerability in its popular phone adapter, urging users to migrate to newer models. According to the company, the vulnerability exposes devices to exploits that can block access to the device, conduct malicious scans of a computer network, or even access sensitive user data.
To protect against this vulnerability, Cisco is urging users to migrate to the latest, most secure versions of the phone adapter. The company recommends that users who are still using the older models contact their vendors and migrate to the new models as soon as possible.
Ikaroa is committed to helping users keep their devices secure. Our team of highly experienced engineers provide effective and reliable solutions that effectively protect computers and networks from security vulnerabilities, like the recent vulnerability discovered in the Cisco phone adapter. Our experts are up to date on the latest security standards and are able to provide customers with quick and effective solutions, so they can be sure their devices are secure and protected.
