Cisco

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices.

Tracked as CVE-2023-20126 and having a "critical" CVSS score of 9.8, this vulnerability is caused by a missing authentication process within the firmware upgrade function.

"An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware," reads Cisco's security bulletin

"A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges."

These phone adapters are a popular choice in the industry for incorporating analog phones into VoIP networks without upgrading.

While these adapters may be used in many organizations, they are likely not exposed to the Internet, making these flaws mostly exploitable from the local network.

However, gaining access to these devices could help a threat actor spread laterally on a network without detection, as security software does not commonly monitor these types of devices.

Since Cisco SPA112 has reached the end of its life, it is no longer supported by the vendor and will not receive a security update. Also, Cisco has provided no mitigations for CVE-2023-20126.

Cisco's security bulletin aims at raising awareness of the need to replace the impacted phone adapters or implement additional security layers to protect them from attacks.

The recommended replacement model is Cisco ATA 190 Series Analog Telephone Adapter, which has a designated end-of-life date on March 31, 2024.

The company is unaware of any instances of active exploitation of CVE-2023-20126 in the wild, but this could change at any time, so admins are advised to take the appropriate precautions urgently.

Critical severity flaws on once-popular devices are potential candidates for use in attacks, potentially leading to large-scale security incidents.

Related Articles:

Widely used modems in industrial IoT devices open to SMS attack

New regreSSHion OpenSSH RCE bug gives root on Linux servers

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

VMware fixes critical vCenter RCE vulnerability, patch now

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers