Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126)

Cisco has revealed the existence of a critical vulnerability (CVE-2023-20126) in the web-based management interface of Cisco SPA112 2-Port Phone Adapters. The adapters are widely used to integrate analog phones into VoIP networks without the need for an upgrade. About the vulnerability (CVE-2023-20126) CVE-2023-20126 can be exploited without prior authentication. “This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device … More

The post Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126) appeared first on Help Net Security.

This article has been indexed from Help Net Security

Read the original article: