A high-severity vulnerability has been discovered in a widely-used Cisco phone adapter that could allow threat actors to execute arbitrary code on the target endpoints, the company has confirmed.
Users are advised to move to a different device, given that the vulnerable ones reached end-of-life and are no longer receiving upgrades and fixes.
Cisco said that its SPA112 2-Port Phone Adapter lacks proper authentication processes in its firmware upgrade function. As a result, victims could end up installing a malicious firmware update, and, "a successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges."
Local access only
The flaw is tracked as CVE-2023-20126, and has a severity score of 9.8 - critical.
The publication claims the adapters are “popular” among organizations looking to use analog phones on their VoIP networks without needing to upgrade. The silver lining in the flaw is that the adapters are not usually connected to the public internet, meaning threat actors would need to first access the local network in order to be able to exploit the flaw.
However, the vulnerability could be used to move laterally through the target network more easily, the publication adds, as security software usually doesn’t monitor tools such as this one.
Given that the SPA112 reached end-of-life status and isn’t receiving updates, Cisco said it wouldn’t be addressing the vulnerability with a fix. Instead, it has told its customers to replace it with the ATA 190 Series Analog Telephone Adapter, a device that will be supported until March 31, 2024.
Cisco said that there is no evidence the flaw is currently being abused in the wild, but now that the information is out there, incursions are bound to happen. Outdated software and hardware are one of the most common ways hackers access target networks.
- These are the best endpoint protection tools right now