Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a distant attacker to execute arbitrary code on afflicted units.
The issue, tracked as CVE-2023-20126, is rated 9.8 out of a greatest of 10 on the CVSS scoring technique. The organization credited Catalpa of DBappSecurity for reporting the shortcoming.
The item in dilemma will make it doable to link analog telephones and fax machines to a VoIP services provider devoid of necessitating an up grade.
“This vulnerability is due to a missing authentication system inside of the firmware improve functionality,” the organization stated in a bulletin.
“An attacker could exploit this vulnerability by upgrading an affected system to a crafted edition of firmware. A thriving exploit could enable the attacker to execute arbitrary code on the impacted unit with complete privileges.”
Regardless of the severity of the flaw, the networking devices maker claimed it does not intend to launch fixes owing to the actuality the equipment have reached conclusion-of-daily life (EoL) standing as of June 1, 2020.
It rather is recommending that users migrate to a Cisco ATA 190 Series Analog Phone Adapter, which is set to get its previous update on March 31, 2024. There is no evidence that the flaw has been maliciously exploited in the wild.
Located this report appealing? Comply with us on Twitter and LinkedIn to study more unique material we article.
Some parts of this article are sourced from:
thehackernews.com