There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit.
In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially take control of a compromised device by seizing full privileges and executing arbitrary code.
The flaw, tracked as CVE-2023-20126, is rated as "critical," with a base score o
Cisco confirmed on Wednesday that it was attack by the Yanluowang ransomware group in May, but said the hackers were not able to steal sensitive data or impact the company’s operations.
In a statement to The Record, Cisco said the incident occured on their corporate network in late May and that they “immediately took action to contain and eradicate the bad actors.”
Cet article explique comment trois vulnérabilités supplémentaires ont été découvertes dans le client VPN Cisco AnyConnect pour Windows. Elles ont été trouvées suite au développement d’un exploit pour la CVE-2020-3153 (une élévation de privilèges, étudiée dans MISC n°111). Après un rappel du fonctionnement de ce logiciel, nous étudierons chacune de ces nouvelles vulnérabilités.