June 7, 2023

Cisco issue a  warning about a critical flaw impacting its IP phone ports allow unauthenticated attackers to execute code remotely on targeted devices and gain full admin privileges.

Cisco has not released and will not release firmware updates to address the vulnerability that is described in this advisory and urging customers still using the impacted model, SPA 112 2-Port Phone Adapters, to upgrade to its Cisco ATA 190 Series Analog Telephone Adapter to mitigate the flaw.

Advertisements

The vulnerable IP phone adapter is part of its small business line of IP phones. The bug tracked as CVE-2023-20126 with a CVSS score of 9.8 is due to a missing authentication process within the firmware upgrade function, Cisco reported on Wednesday. Successful exploit could give an attacker full privilege on an affected device.

Cisco retired  the SPA 112 2-Port Phone Adapters December 2019 and said end-of-life security support for the product would be June 2020. It’s unclear how many impacted models might still be in use today and said it was not aware of the vulnerability being exploited in the wild.

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: