Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model

2023-05-05 05:16

Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices.

The company credited Catalpa of DBappSecurity for reporting the shortcoming.

"This vulnerability is due to a missing authentication process within the firmware upgrade function," the company said in a bulletin.

"An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges."

It instead is recommending that users migrate to a Cisco ATA 190 Series Analog Telephone Adapter, which is set to receive its last update on March 31, 2024.

There is no evidence that the flaw has been maliciously exploited in the wild.

News URL

https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html

#phone #cisco #vulnerability

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4442	231	3052	1816	604	5703