HQ/EMEAFind out how we can help your business
The United States-based multinational digital communication technology conglomerate corporation, Cisco, has revealed a critical flaw in the web-based management interface of its phone adapters.
The phone adapter currently of significant concern is the Cisco SPA112 2-Port Phone Adapter. The flaw disclosure explained that its vulnerability could allow an unauthenticated and remote hacker to run arbitrary code on the device.
Researchers coded the flaw as CVE-2023-20126 with a critical severity score of 9.8. The bug appeared due to a missing authentication process in the firmware upgrade feature.
Attackers could leverage the flaws in the Cisco phone adapters through upgrades.
The Cisco advisory explained that a malicious individual could exploit the flaw by upgrading an impacted device to a specially-crafter firmware version. The abuse could allow the attackers to operate arbitrary code on the flawed device with full privileges.
Numerous users could suffer potential attacks since these adapters are a well-known option in the industry since they incorporate analogue phones into VoIP networks without upgrading.
However, these flaws will be mostly exploitable through the local network since they are likely not exposed to the internet despite being employed by numerous organisations.
Furthermore, threat actors could move laterally on a network without raising suspicions, as security solutions do not typically monitor these devices.
The flawed device has reached its end-of-life status, meaning it will no longer receive a security update and will not be supported by the vendor. On the other hand, the company has already given mitigation tactics for the vulnerability.
Cisco’s announcement aims to inform users to replace the affected phone adapters or employ additional security protections against such threats. The company has also released a notification regarding suitable devices they could replace the flawed ones, which the users could follow.
Cisco has yet to discover a CVE-2023-20126 in the wild, but threat actors could be brewing potential schemes that could exploit the flaw soon. Users and admins should take appropriate security action immediately before these malicious entities can make their move.
