Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126)
Cisco has revealed the existence of a critical vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters.
"This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware," Cisco's security advisory explains.
The vulnerability has been reported privately and there are no indications that it has been exploited in the wild.
The vulnerable adapter is no longer supported, meaning that Cisco will not be releasing firmware updates to fix this vulnerability.
With no fixes and workarounds available, Cisco is urging customers to migrate to a newer device.
In the security advisory, Cisco says users should migrate to a Cisco ATA 190 Series Analog Telephone Adapter, but the EOL document for the Cisco SPA112 2-Port Phone Adapter points to the Cisco ATA 191 Series Analog Telephone Adapter as a fitting replacement.
News URL
https://www.helpnetsecurity.com/2023/05/05/cve-2023-20126/