
Cisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials.

CER helps organizations respond effectively to emergencies by enabling accurate location tracking of IP phones, allowing emergency calls to be routed to the appropriate Public Safety Answering Point (PSAP).

Tracked as CVE-2023-20101, the security flaw allows unauthenticated attackers to access a targeted device using the root account, which had default, static credentials that could not be modified or removed.

"This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development," Cisco explained in an advisory issued today.

"An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user."

The company says the critical vulnerability only affects Cisco Emergency Responder version 12.5(1)SU4, as shown in the table below.

| CER Release | Vulnerable Release | Fixed Release |
|---|---|---|
| 11.5(1) and earlier | Not vulnerable | Not vulnerable |
| 12.5(1) | 12.5(1)SU4 | 12.5(1)SU5, ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512 |
| 14 | Not vulnerable | Not vulnerable |

Cisco says the hard-coded credentials weakness, which allows attackers to bypass authentication, was discovered during internal security testing.

Its Product Security Incident Response Team (PSIRT) has not discovered information about public disclosures or any malicious exploitation related to the CVE-2023-20101 vulnerability.

There are no workarounds to mitigate this security flaw temporarily, so admins are advised to update vulnerable installations as soon as possible.

Last week, Cisco urged customers to patch a zero-day vulnerability (CVE-2023-20109) targeted by attackers in the wild, affecting devices running IOS and IOS XE software.

Earlier this month, the company issued an alert regarding another zero-day (CVE-2023-20269) in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD), actively exploited by ransomware gangs to breach corporate networks.

US and Japanese law enforcement and cybersecurity agencies also warned of Chinese BlackTech hackers backdooring network devices for initial access to enterprise networks.
