Critical security flaw found in Cisco phone adapter

Cisco has issued an alert on a critical security flaw in its SPA112 2-Port Adapter, which is used by businesses to connect analog phones and fax machines to voice-over-IP systems without having to upgrade them.

The bug, known as CVE-2023-20126, has a base score of 9.8 out of 10 and is classified as critical. It may be used by a remote attacker to gain control of a compromised device and execute arbitrary code. According to Cisco, the vulnerability is caused by a missing authentication mechanism in the firmware upgrading function. An attacker might upgrade an affected device to a crafted version of firmware, allowing the attacker to execute arbitrary code with full privileges on the affected device.

The impacted adapter was phased out in June 2020, with Cisco recommending that clients switch to a Cisco ATA 190 Series Analog Telephone Adapter, which converts analog devices into IP devices for usage by corporations, small offices, and cloud operations.

According to Cisco’s Product Security Incident Response Team, there has been no exploitation of the issue, which was brought to the company’s notice by DBAPPsecurity.

The sources for this piece include an article in TheRegister.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web