Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on impacted products.
The issue, tracked as CVE-2023-20126, is rated 9.8 out of a highest of 10 on the CVSS scoring program. The organization credited Catalpa of DBappSecurity for reporting the shortcoming.
The solution in concern will make it feasible to hook up analog phones and fax machines to a VoIP assistance supplier devoid of necessitating an enhance.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“This vulnerability is due to a missing authentication course of action within the firmware enhance purpose,” the business mentioned in a bulletin.
“An attacker could exploit this vulnerability by upgrading an influenced gadget to a crafted variation of firmware. A profitable exploit could allow the attacker to execute arbitrary code on the afflicted gadget with comprehensive privileges.”
Inspite of the severity of the flaw, the networking tools maker claimed it does not intend to launch fixes thanks to the reality the devices have arrived at conclude-of-existence (EoL) standing as of June 1, 2020.
It as an alternative is recommending that buyers migrate to a Cisco ATA 190 Collection Analog Phone Adapter, which is set to get its previous update on March 31, 2024. There is no evidence that the flaw has been maliciously exploited in the wild.
Observed this write-up appealing? Adhere to us on Twitter and LinkedIn to read through far more unique articles we publish.
Some areas of this post are sourced from:
thehackernews.com