Oct 05, 2023NewsroomNetwork Security / Software Patch

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials.

The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static user credentials for the root account that the company said is usually reserved for use during development.

“An attacker could exploit this vulnerability by using the account to log in to an affected system,” Cisco said in an advisory. “A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”

The issue impacts Cisco Emergency Responder Release 12.5(1)SU4 and has been addressed in version 12.5(1)SU5. Other releases of the product are not impacted.


The networking equipment major said it discovered the problem during internal security testing and that it’s not aware of any malicious use of the vulnerability in the wild.

The disclosure comes less than a week after Cisco warned of attempted exploitation of a security flaw in its IOS Software and IOS XE Software (CVE-2023-20109, CVSS score: 6.6) that could permit an authenticated remote attacker to achieve remote code execution on affected systems.

In the absence of temporary workarounds, customers are recommended to update to the latest version to mitigate potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Beyoncé está lista para encabezar la taquilla con su película “Renaissance”
23andMe says health data was included in hack that compromised 6.9 million users
Traders ‘were told of Hamas attack on Israel in advance’
Meizu 21 With Snapdragon 8 Gen 3 SoC, 200-Megapixel Cameras Launched: Price, Specifications
Fox News Tops November Ratings; MSNBC Shows Total Day Gains Vs. 2022

Leave a Reply

Your email address will not be published. Required fields are marked *