Cisco has warned its users of a security flaw that could lead to remote code execution.

Cisco has warned its users of a security flaw that could lead to remote code execution.  The company doesn't have a patch for the bug yet. Cisco has released a security update to address a high-severity Remote Code Execution vulnerability in its SPA112 and SPA122 Series Analog Telephone Adapters. The vulnerability, tracked as CVE-2022-20523, is caused by a buffer overflow issue in the processing of Session Initiation Protocol packets. Attackers can exploit the flaw to execute arbitrary code with root privileges and take control of the vulnerable devices remotely. The vulnerability affects devices running firmware versions prior to 1.4.2 (011) for the SPA112 and 1.3.7(015) for the SPA122 series. Cisco has advised customers to update their devices to the latest available firmware versions to address the vulnerability and has also provided a workaround for those who cannot update immediately.