Vulnerability

VoIP

RCE


Cisco SPA112 Phone Adapters Vulnerable to Arbitrary Code Execution

Cisco's SPA112 2-Port Phone Adapters have a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary code.

04-May-2023
3 min read

Cisco has disclosed a critical vulnerability in the web-based management interface of its popular SPA112 2-Port Phone Adapters. The flaw, tracked as CVE-2023-20126, has a CVSS score of 9.8, indicating its severity. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on the affected devices, giving them full privileges.

Cause of Vulnerability: Missing Authentication Process in Firmware Upgrade Function

According to Cisco's security bulletin, the vulnerability is caused by a missing authentication process within the firmware upgrade function. An attacker can upgrade the device to a crafted firmware version and exploit the vulnerability to execute arbitrary code. While phone adapters are widely used in many organizations, they are usually not exposed to the internet, making them primarily exploitable from the local network. However, gaining access to these devices could help a threat actor spread laterally on a network without detection.

Lack of Security Updates and Mitigations for Vulnerability

Since the Cisco SPA112 has reached its end of life, it is no longer supported by the vendor and will not receive a security update. Additionally, Cisco has provided no mitigations for CVE-2023-20126. Cisco's security bulletin highlights the need to replace the impacted phone adapters or implement additional security layers to protect them from attacks. The recommended replacement model is the Cisco ATA 190 Series Analog Telephone Adapter, which itself has a designated end-of-life date of March 31, 2024.

Potential for Large-Scale Security Incidents

Although Cisco is unaware of any active exploitation of CVE-2023-20126 in the wild, the potential for large-scale security incidents remains high. Critical-severity flaws in once-popular devices are attractive targets for attackers, and the absence of security updates and mitigations for this vulnerability increases the risk. Admins are advised to take the appropriate precautions urgently.

The disclosure of this critical vulnerability in Cisco SPA112 2-Port Phone Adapters underscores the importance of ongoing security assessments of all devices, even those considered low-risk. Organizations that still use these phone adapters should take immediate action to replace them or implement additional security layers to mitigate the risk of exploitation. As the threat landscape evolves, businesses must prioritize cybersecurity to protect their assets and prevent costly breaches.
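Because no patch exists, the "additional security layers" the bulletin calls for come down to restricting who can reach the adapters' web-based management interface and watching for anyone who reaches it anyway. The following detection script is an added example written for this article, not code from Cisco or from the article's author. It assumes the defender already knows the adapters' IP addresses and the management subnet from which administration is expected (both constructed here), and it reads a simple space-separated access-log format that is also constructed for the example; the request path shown is a placeholder, not the device's real upgrade endpoint. The script flags any HTTP access to an adapter from outside the management network, escalating POST requests (the kind of request a firmware upload would need) to high severity, and records POSTs from the management network at low severity so that legitimate firmware changes are still audited.

```python
"""Flag web-management access to unpatchable SPA112 adapters.

Added example for the article above (not Cisco's or the author's code).
Assumptions, all constructed for illustration:
  - SPA112_ADAPTERS: IPs of the end-of-life adapters in the inventory
  - MGMT_NET: the only subnet that should administer them
  - log format: "<timestamp> <src_ip> <dst_ip> <dst_port> <method> <path>"
"""
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed inventory of SPA112 adapters (hypothetical addresses).
SPA112_ADAPTERS = {"10.20.5.11", "10.20.5.12"}

# Constructed policy: administrators reach the adapters only from this subnet.
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")

# Ports on which the web-based management interface is assumed to listen.
WEB_PORTS = {"80", "443"}

# Constructed sample log lines. "/UPLOAD_PATH_PLACEHOLDER" stands in for
# whatever path a firmware upload would use; it is not the real endpoint.
SAMPLE_LOGS = """\
2023-05-04T09:00:01Z 10.0.0.5 10.20.5.11 80 GET /
2023-05-04T09:01:12Z 10.30.7.44 10.20.5.11 80 GET /
2023-05-04T09:01:15Z 10.30.7.44 10.20.5.11 80 POST /UPLOAD_PATH_PLACEHOLDER
2023-05-04T09:02:00Z 10.30.7.44 10.99.1.1 443 GET /
2023-05-04T09:03:00Z 10.0.0.5 10.20.5.12 80 POST /UPLOAD_PATH_PLACEHOLDER
"""


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    method: str
    path: str
    severity: str  # "high", "medium" or "low"


def analyze(log_text: str,
            adapters=SPA112_ADAPTERS,
            mgmt_net=MGMT_NET) -> List[Finding]:
    """Return one Finding per web request to an adapter that merits review."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed line; skip rather than guess
        ts, src, dst, port, method, path = fields
        if dst not in adapters or port not in WEB_PORTS:
            continue  # not traffic to an adapter's web interface
        src_in_mgmt = ipaddress.ip_address(src) in mgmt_net
        if src_in_mgmt and method != "POST":
            continue  # read-only access from the management net is expected
        if not src_in_mgmt:
            # Any access from outside the management net violates policy;
            # a POST could be a firmware upload, so rank it highest.
            severity = "high" if method == "POST" else "medium"
        else:
            # A POST from an administrator: legitimate, but keep an audit trail
            # since the device cannot distinguish a genuine from a crafted image.
            severity = "low"
        findings.append(Finding(ts, src, dst, method, path, severity))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity for a quick dashboard line."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"[{f.severity.upper():6}] {f.ts} {f.src} -> {f.dst} {f.method} {f.path}")
    print(summarize(analyze(SAMPLE_LOGS)))
```

In practice the same rule belongs on the network as well as in the log pipeline: a firewall or VLAN ACL that only admits MGMT_NET to the adapters' web ports turns the "medium" and "high" findings into blocked connections, and the script then serves to confirm that the ACL is actually in force.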