Critical Vulnerability in Cisco Phone Adapters Will Not Be Fixed

Written by Emma Davis

Cisco warns of a critical vulnerability in the web interface of the SPA112 Dual Port Phone Adapters.

The issue allows a remote, unauthenticated attacker to execute arbitrary code. Since the support period for the Cisco SPA112 has already come to an end, no updates should be expected.

Let me remind you that we also wrote that a vulnerability in Cisco WebEx and Zoom allows listening to other people’s conversations, and that Yanluowang ransomware hacked Cisco.

Information security specialists also warned that Cisco won’t fix an RCE vulnerability in old RV routers.

The latest vulnerability was assigned the identifier CVE-2023-20126 and rated “critical” (9.8 out of 10 on the CVSS scale). The developers report that the problem is caused by the lack of an authentication process in the firmware update function.

“An attacker could exploit this vulnerability by updating the affected device’s firmware to a modified one. Successful exploitation could allow an attacker to execute arbitrary code on a vulnerable device with full privileges,” the official security bulletin reads.

I must say that such phone adapters are a very popular solution for connecting analog phones to VoIP. Although such adapters can be used in many organizations, they are most likely not connected to the Internet, which means the vulnerability can only be exploited from the local network.

However, vulnerable devices can help attackers get into the network undetected because security software usually doesn’t track these types of devices.

Support for the Cisco SPA112 ended in 2020, so the devices no longer receive security updates from the manufacturer. In its bulletin, Cisco does not offer any protection against CVE-2023-20126.

In fact, the manufacturer’s bulletin is aimed only at raising awareness and at reminding companies to replace outdated telephone adapters and implement additional layers of security.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
