Cisco Alert: Critical RCE Vulnerability in EoL SPA112 Phone Adapters

May 4, 2023

Cisco has issued a warning about a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 with a CVSS score of 9.8, affecting SPA112 2-Port phone adapters that have reached end-of-life (EoL) status. The vulnerability resides in the web-based management interface of the adapters and can be exploited without authentication. According to Cisco's advisory, it stems from “a missing authentication process within the firmware upgrade function.”

A remote attacker can exploit the vulnerability by upgrading a device to a crafted firmware version, which would allow them to execute arbitrary code with full privileges. As the SPA112 2-Port phone adapters are no longer supported (they reached EoL on June 1, 2020), Cisco does not plan to release firmware updates to address the vulnerability. Instead, the company recommends that customers migrate to an ATA 190 Series analog telephone adapter.

Cisco states that it is not aware of the vulnerability being exploited in malicious attacks. However, unpatched and vulnerable Cisco devices have repeatedly been exploited in the wild, so organizations should plan to remove SPA112 2-Port phone adapters from their environments as soon as possible. The source article also covers related vulnerabilities and patches in other Cisco products, as well as reports of Russia exploiting an old vulnerability to hack Cisco routers.
