The company has confirmed that a high-severity vulnerability has been found in a widely used Cisco phone adapter that could allow cybercriminals to execute arbitrary code on targeted endpoints.
Users are advised to switch to another device, given that the vulnerable models have reached end-of-life and are no longer receiving updates or fixes.
Cisco said that its SPA112 2-port phone adapter does not have proper authentication in its firmware update feature. As a result, victims may be led to install a malicious firmware update, and “a successful exploit could allow an attacker to execute arbitrary code on the affected device with full privileges.”
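To make the class of flaw concrete, here is an added example written for this article; it is not Cisco's firmware and not code from the article's source. It models a firmware update endpoint in two forms: a weak handler that flashes whatever image it receives (the missing-authentication pattern the advisory describes), and a hardened handler that requires an authenticated session, verifies the image against a vendor signature, and records every attempt for review. All names (`VENDOR_KEY`, `VALID_SESSIONS`, the handler functions, the session tokens) are hypothetical, and the HMAC check is a standard-library stand-in for the asymmetric signature a real device would verify.

```python
import hashlib
import hmac

# Constructed values for the example. A real device would hold a vendor public key
# and verify an asymmetric signature; HMAC-SHA256 keeps this runnable with stdlib only.
VENDOR_KEY = b"constructed-vendor-signing-key"
VALID_SESSIONS = {"sess-admin-1"}  # constructed set of authenticated admin sessions


def sign_image(image: bytes, key: bytes = VENDOR_KEY) -> str:
    """Stand-in for the vendor signing step (hypothetical)."""
    return hmac.new(key, image, hashlib.sha256).hexdigest()


def weak_update_handler(request: dict, flash: dict, audit: list) -> dict:
    """Vulnerable pattern: no authentication, no integrity check.

    Any caller that can reach the management interface gets its image flashed.
    """
    flash["image"] = request.get("image", b"")
    audit.append({"event": "firmware_update", "result": "flashed", "authenticated": False})
    return {"status": 200, "flashed": True}


def hardened_update_handler(request: dict, flash: dict, audit: list) -> dict:
    """Hardened pattern: authenticate the caller, verify the image, log the attempt."""
    session = request.get("session")
    if session not in VALID_SESSIONS:
        # Reject before touching the image; record the attempt so an unmonitored
        # device at least leaves a trail that can be collected centrally.
        audit.append({"event": "firmware_update", "result": "rejected",
                      "reason": "not authenticated"})
        return {"status": 401, "flashed": False, "reason": "not authenticated"}

    image = request.get("image", b"")
    signature = request.get("signature", "")
    expected = sign_image(image)
    # Constant-time comparison so the check does not leak timing information.
    if not hmac.compare_digest(expected, signature):
        audit.append({"event": "firmware_update", "result": "rejected",
                      "reason": "bad signature", "session": session})
        return {"status": 400, "flashed": False, "reason": "bad signature"}

    flash["image"] = image
    audit.append({"event": "firmware_update", "result": "flashed",
                  "authenticated": True, "session": session})
    return {"status": 200, "flashed": True}


if __name__ == "__main__":
    # Constructed request: an unauthenticated, unsigned image from the local network.
    rogue = {"image": b"constructed-unsigned-image"}
    print("weak:", weak_update_handler(rogue, {}, []))
    print("hardened:", hardened_update_handler(rogue, {}, []))
    good = b"constructed-vendor-image-v1"
    signed = {"session": "sess-admin-1", "image": good, "signature": sign_image(good)}
    print("hardened, valid:", hardened_update_handler(signed, {}, []))
```

The audit list stands in for whatever log sink the deployment uses; the point the article makes about these adapters being invisible to security tooling is exactly why the rejected attempts, not only the successful updates, are worth forwarding.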
Local access only
The vulnerability is tracked as CVE-2023-20126 and has a severity rating of 9.8 (critical).
The publication says the adapters are “popular” with organizations looking to use analog phones in their VoIP networks without requiring an upgrade. The mitigating factor is that these adapters are usually not connected to the public internet, meaning that cybercriminals would first need to gain access to the local network to be able to exploit the vulnerability.
However, the publication adds that the vulnerability could be exploited to move across the target network more easily, as security software typically does not monitor devices like these.
Given that the SPA112 has reached end-of-life status and is not receiving an update, Cisco said it would not address the vulnerability with a patch. Instead, it told its customers to replace it with an ATA 190 series analog telephone adapter, a device that will be supported until March 31, 2024.
Cisco said there is no evidence that the vulnerability is currently being abused in the wild, but now that the information is available, intrusions are inevitable. Outdated software and hardware are among the most common ways hackers gain access to targeted networks.
Source: BleepingComputer