Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126)

Cisco has revealed the existence of a critical vulnerability (CVE-2023-20126) in the web-based management interface of Cisco SPA112 2-Port Phone Adapters. The adapters are widely used to integrate analog phones into VoIP networks without the need for an upgrade. About the vulnerability (CVE-2023-20126) CVE-2023-20126 can be exploited without prior authentication. “This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device … More →

The post …

cisco cisco spa112 2-port phone adapters critical critical vulnerability cve don't miss exploited firmware hot stuff integrate interface management networks phone phones port rce the web update upgrade voip vulnerability web