Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

8 months ago AndyC

Oct 05, 2023NewsroomNetwork Security / Software Patch

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded cred

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Oct 05, 2023NewsroomNetwork Security / Software Patch

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials.

The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static user credentials for the root account that the company said is usually reserved for use during development.

“An attacker could exploit this vulnerability by using the account to log in to an affected system,” Cisco said in an advisory. “A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”

The issue impacts Cisco Emergency Responder Release 12.5(1)SU4 and has been addressed in version 12.5(1)SU5. Other releases of the product are not impacted.

Cybersecurity

The networking equipment major said it discovered the problem during internal security testing and that it’s not aware of any malicious use of the vulnerability in the wild.

The disclosure comes less than a week after Cisco warned of attempted exploitation of a security flaw in its IOS Software and IOS XE Software (CVE-2023-20109, CVSS score: 6.6) that could permit an authenticated remote attacker to achieve remote code execution on affected systems.

In the absence of temporary workarounds, customers are recommended to update to the latest version to mitigate potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , ,

More Stories

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

2 days ago AndyC
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

2 days ago AndyC
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

2 days ago AndyC
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

2 days ago AndyC
CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

CISA Warns of Actively Exploited D-Link Router Vulnerabilities – Patch Now

2 days ago AndyC
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

3 days ago AndyC

You may have missed

North Korea-linked IT workers infiltrated hundreds of US firms

North Korea-linked IT workers infiltrated hundreds of US firms

16 hours ago AndyC
The who, where, and how of APT attacks – Week in security with Tony Anscombe

The who, where, and how of APT attacks – Week in security with Tony Anscombe

1 day ago AndyC
Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

1 day ago AndyC

Friday Squid Blogging: Emotional Support Squid

1 day ago AndyC

How to Protect Yourself on Social Networks

2 days ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.