Security News > 2023 > May > Dump these insecure phone adapters because we're not fixing them, says Cisco

There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit.

Adding to the problem is the fact that the adapter reached its end of life in June 2020, and while the last date to extend or renew a service contract for the product isn't until August 2024, Cisco said in the advisory it will not release firmware updates to address the flaw and there are no workarounds.

"Customers are encouraged to migrate to a Cisco ATA 190 Series Analog Telephone Adapter," the manufacturer wrote in its advisory.

DBAPPsecurity, a network security company in China, alerted Cisco to the vulnerability, according to the network box maker.

Before migrating to the ATA 190 adapters, organizations should make sure the device will address their network needs and that their hardware and software configurations are supported by the device, Cisco wrote.

Cisco's Talos threat intelligence unit said last month that Russian intelligence operatives, working under the APT28 threat group umbrella, in 2021 exploited an old vulnerability in Cisco routers to gather network data from US and European government agencies.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/05/cisco_phone_adapter_vulnerabilitty/