May 10, 2023

Cisco phone adapters vulnerable to RCE attacks

Cisco has identified a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters that allows an unauthenticated, remote attacker to execute arbitrary code on the devices.

Since Cisco SPA112 2-Port Phone Adapters are unlikely to be connected to the Internet, these issues are most likely only exploitable on the local network.

Gaining access to these devices, on the other hand, may allow a threat actor to expand laterally on a network without being detected, as security software does not often monitor these sorts of devices.

The Vulnerability

• CVE-2023-20126 (CVSS score: 9.9, Critical) – Vulnerability in the web-based management due to a missing authentication process within the firmware upgrade function.
  A successful exploit could allow unauthenticated attacker to execute arbitrary code on the affected device with full privileges.

Affected Product and Versions

• All firmware releases for Cisco SPA112 2-Port Phone Adapters.

Mitigation

Since Cisco SPA112 has reached the end of its life, it is no longer supported by the vendor and will not receive a security update.

CYREBRO recommends users of this product to replace the impacted phone adapters.

References: Cisco Advisory.