May 5, 2023Rabbi LakshmananVulnerability / Network Security

Cisco has warned that the SPA112 2-port phone adapter has a serious security flaw that could be exploited by a remote attacker to execute arbitrary code on an affected device. says.

The issue is tracked as CVE-2023-20126is rated 9.8 out of 10 maximum on the CVSS scoring system. The company credits his Catalpa for his DBappSecurity for reporting this shortcoming.

of Product in question Connect analog phones and fax machines to VoIP service providers without requiring upgrades.

cyber security

“This vulnerability is due to a missing authentication process within the firmware upgrade feature,” the company said. Said Breaking news.

“An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. may be able to execute arbitrary code with arbitrary privileges.”

Despite the severity of the flaw, the network equipment manufacturer has said it will not release a fix as the device has reached End of Life (EoL) status as of June 1, 2020.

Instead, we recommend migrating to the Cisco ATA 190 Series Analog Telephone Adapters. last update March 31, 2024. There is no evidence that this flaw has been maliciously exploited in the wild.

Did you find this article interesting?Please follow us twitter and LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog