QID 730795
Date Published: 2023-05-08
QID 730795: Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability (cisco-sa-spa-unauth-upgrade-UqhyTWW)
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to a missing authentication process within the firmware upgrade function.
Affected Versions:
All versions of Cisco SPA112 2-Port Phone Adapters
QID Detection Logic (Unauthenticated):
This QID sends a crafted request to UDP port to check the version of Cisco SPA 112 Phone Adapter.
An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges.
Solution
Cisco has not released firmware updates to address this vulnerability. Cisco SPA112 2-Port Phone Adapters have entered the end-of-life process. Customers are encouraged to migrate to a Cisco ATA 190 Series Analog Telephone Adapter. For more information please refer to Cisco Security Advisory
Vendor References
- cisco-sa-spa-unauth-upgrade-UqhyTWW -
sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
CVEs related to QID 730795
Software Advisories
| Advisory ID | Software | Component | Link |
|---|