Cisco Alert: Critical RCE Vulnerability in EoL SPA112 Phone Adapters
May 4, 2023
Cisco has issued a warning about a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 with a CVSS score of 9.8, affecting SPA112 2-Port phone adapters that have reached their end-of-life (EoL) status. The vulnerability impacts the web-based management interface of the phone adapters and can be exploited without authentication. According to Cisco's advisory, the problem exists due to “a missing authentication process within the firmware upgrade function.”
A remote attacker can exploit the vulnerability by upgrading a device to a crafted firmware version, which would allow them to execute arbitrary code with full privileges. As the SPA112 2-Port phone adapters are no longer supported (they reached EoL on June 1, 2020), Cisco does not plan to release firmware updates to address the vulnerability. Instead, the company recommends that customers migrate to an ATA 190 Series analog telephone adapter.
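The flaw class the advisory describes, an upgrade handler that flashes whatever is posted without first checking who is asking or whether the image is genuine, is easy to see beside its hardened form. The following is an added illustration written for this page, not Cisco's firmware or any reconstruction of the SPA112's code: the request and device objects, the admin credentials, and the firmware format (an image followed by a 32-byte tag) are all constructed, and an HMAC with a device-held key stands in for the vendor public-key signature check a real device would perform.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed trust anchor for the example. A real device would verify a
# vendor signature against an embedded public key; an HMAC with a device-held
# secret stands in here so the example needs only the standard library.
# This is an assumption for illustration, not the SPA112's actual mechanism.
FIRMWARE_SIGNING_KEY = b"example-vendor-signing-key"
SIG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each image

# Constructed admin credentials for the example device.
ADMIN_USER = b"admin"
ADMIN_PASSWORD = b"correct horse battery staple"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request to the management interface."""
    path: str
    body: bytes = b""
    cookies: dict = field(default_factory=dict)


@dataclass
class Device:
    """Toy adapter state: live sessions and the currently flashed image."""
    sessions: set = field(default_factory=set)
    firmware: bytes = b"factory-image"


def sign_firmware(image: bytes) -> bytes:
    """Vendor side: append an authentication tag to a firmware image."""
    return image + hmac.new(FIRMWARE_SIGNING_KEY, image, hashlib.sha256).digest()


def login(dev: Device, username: str, password: str) -> Optional[str]:
    """Issue a session token only for valid credentials."""
    if not (hmac.compare_digest(username.encode(), ADMIN_USER)
            and hmac.compare_digest(password.encode(), ADMIN_PASSWORD)):
        return None
    token = secrets.token_hex(16)
    dev.sessions.add(token)
    return token


def upgrade_vulnerable(dev: Device, req: Request) -> int:
    """Missing-authentication pattern: the handler flashes whatever was posted,
    with no session check and no image verification. Whatever runs inside the
    flashed image runs with the device's full privileges, which is why a
    crafted image amounts to remote code execution."""
    dev.firmware = req.body
    return 200


def upgrade_hardened(dev: Device, req: Request) -> int:
    """Same endpoint with the two missing checks: the caller must hold a valid
    session, and the image must carry a valid tag from the signing key."""
    token = req.cookies.get("session")
    if token is None or token not in dev.sessions:
        return 401  # unauthenticated: refuse before touching the body
    if len(req.body) <= SIG_LEN:
        return 400  # too short to contain an image plus its tag
    image, tag = req.body[:-SIG_LEN], req.body[-SIG_LEN:]
    expected = hmac.new(FIRMWARE_SIGNING_KEY, image, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return 400  # tampered or unsigned image: never flash it
    dev.firmware = image
    return 200


def demo() -> dict:
    """Run an unauthenticated attacker against both handlers, then show that
    even a logged-in admin cannot flash an unsigned image on the hardened one."""
    crafted = b"attacker-image"  # constructed: no signature, no session
    anon = Request("/upgrade", body=crafted)

    vuln = Device()
    vuln_status = upgrade_vulnerable(vuln, anon)

    hard = Device()
    anon_status = upgrade_hardened(hard, anon)

    token = login(hard, "admin", "correct horse battery staple")
    authed_unsigned = Request("/upgrade", body=crafted, cookies={"session": token})
    unsigned_status = upgrade_hardened(hard, authed_unsigned)

    authed_signed = Request("/upgrade", body=sign_firmware(b"vendor-image-1.1"),
                            cookies={"session": token})
    signed_status = upgrade_hardened(hard, authed_signed)

    return {
        "vulnerable_anon_status": vuln_status,      # 200: attacker image flashed
        "vulnerable_firmware": vuln.firmware,
        "hardened_anon_status": anon_status,        # 401: no session
        "hardened_unsigned_status": unsigned_status,  # 400: bad signature
        "hardened_signed_status": signed_status,    # 200: genuine image
        "hardened_firmware": hard.firmware,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The order of checks in the hardened handler matters: the session check runs before the body is parsed, so an unauthenticated caller never reaches the image-handling code at all, and the signature check means that even a compromised admin password is not enough to load attacker-controlled code.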
Cisco states that it is not aware of the vulnerability being exploited in malicious attacks. However, unpatched and vulnerable Cisco devices have a history of being exploited in the wild, and no fix will ever ship for this one. Organizations should remove SPA112 2-Port phone adapters from their environments as soon as possible; until then, the web-based management interface, which is the attack surface here, should not be reachable from untrusted networks. The source article also covers related vulnerabilities and patches in other Cisco products, as well as instances where Russia was found exploiting an old vulnerability to hack Cisco routers.