Cisco has warned that the SPA112 2-port phone adapter has a serious security flaw that could be exploited by a remote attacker to execute arbitrary code on an affected device. says.
The issue is tracked as CVE-2023-20126is rated 9.8 out of 10 maximum on the CVSS scoring system. The company credits his Catalpa for his DBappSecurity for reporting this shortcoming.
of Product in question Connect analog phones and fax machines to VoIP service providers without requiring upgrades.
“This vulnerability is due to a missing authentication process within the firmware upgrade feature,” the company said. Said Breaking news.
“An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. may be able to execute arbitrary code with arbitrary privileges.”
Despite the severity of the flaw, the network equipment manufacturer has said it will not release a fix as the device has reached End of Life (EoL) status as of June 1, 2020.
Instead, we recommend migrating to the Cisco ATA 190 Series Analog Telephone Adapters. last update March 31, 2024. There is no evidence that this flaw has been maliciously exploited in the wild.