
Cisco has warned that the SPA112 2-port phone adapter has a serious security flaw that could be exploited by a remote attacker to execute arbitrary code on an affected device.
The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity with reporting the shortcoming.
The product in question allows analog phones and fax machines to connect to VoIP service providers without requiring upgrades.

“This vulnerability is due to a missing authentication process within the firmware upgrade feature,” the company said in a bulletin.
“An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware, and may be able to execute arbitrary code with arbitrary privileges.”
Despite the severity of the flaw, the network equipment manufacturer has said it will not release a fix as the device has reached End of Life (EoL) status as of June 1, 2020.
Instead, the company encourages users to migrate to the Cisco ATA 190 Series Analog Telephone Adapters, which are set to receive their last update on March 31, 2024.