Subj : Re: Dialup line for my BBS
To   : All
From : Warpslide
Date : Thu May 04 2023 03:32 pm

On 27 Apr 2023, Warpslide said the following...

 Wa> I'm using voip.ms with a Cisco SPA112 ATA.  The ATA is connected to a USR
 Wa> Sportster 56k modem which is connected to a USB to serial adapter.

* Cisco phone adapters vulnerable to RCE attacks, no fix available *

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices.

Tracked as CVE-2023-20126 and having a "critical" CVSS score of 9.8, this vulnerability is caused by a missing authentication process within the firmware upgrade function.
[...]
While these adapters may be used in many organizations, they are likely not exposed to the Internet, making these flaws mostly exploitable from the local network.
[...]
Since Cisco SPA112 has reached the end of its life, it is no longer supported by the vendor and will not receive a security update. Also, Cisco has provided no mitigations for CVE-2023-20136.

https://www.bleepingcomputer.com/news/security/cisco-phone-adapters-vulnerable-
to-rce-attacks-no-fix-available/



Always fun to know.  Luckily mine isn't exposed to the open internet.


Jay

.... A gathering of optometrists is called a focus group

--- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
 * Origin: Northern Realms (21:3/110)

.