Cisco has warned its users of a security flaw that could lead to remote code execution.
The company doesn't have a patch for the bug yet.
Cisco has released a security update to address a high-severity Remote Code Execution vulnerability in its SPA112 and SPA122 Series Analog Telephone Adapters.
- The vulnerability, tracked as CVE-2022-20523, is caused by a buffer overflow issue in the processing of Session Initiation Protocol packets.
- Attackers can exploit the flaw to execute arbitrary code with root privileges and take control of the vulnerable devices remotely.
- The vulnerability affects devices running firmware versions prior to 1.4.2 (011) for the SPA112 and 1.3.7(015) for the SPA122 series.
-
Cisco has advised customers to update their devices to the latest available firmware versions to address the vulnerability and has also provided a workaround for those who cannot update
immediately.
أضف تعليقاً: