Cisco has issued a warning regarding a vulnerability present in a popular phone adapter, and has urged users to migrate to a newer model.

Cisco has issued a warning regarding a critical security vulnerability in SPA112 2-Port Phone Adapters, which could be exploited remotely by an attacker to execute arbitrary code on affected devices. The vulnerability, tracked as CVE-2023-20126, has been assigned a CVSS score of 9.8 out of 10. The company has credited Catalpa of DBappSecurity for reporting the issue.

The product in question connects analog phones and fax machines to a VoIP service provider without necessitating an upgrade. According to Cisco’s bulletin, the vulnerability is due to the absence of an authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware, allowing them to execute arbitrary code on the device with full privileges.

Despite the severity of the flaw, the networking equipment maker has stated that it does not intend to release fixes because the devices have reached end-of-life (EoL) status as of June 1, 2020. Instead, Cisco recommends that users migrate to a Cisco ATA 190 Series Analog Telephone Adapter, which is set to receive its last update on March 31, 2024. There is currently no evidence that the flaw has been exploited maliciously in the wild.
