Cisco Emergency Responder issues patch to clean up hardcoded credentials
Take action: The cat is out of the bag now, and attackers are going to test out the hardcoded credentials automatically. Patch your Cisco Emergency Responder immediately.
Cisco has addressed a security vulnerability in Cisco Emergency Responder (CER), a tool that helps organizations respond to emergencies by facilitating accurate location tracking of IP phones and ensuring emergency calls are directed to the appropriate Public Safety Answering Point (PSAP).
The vulnerability, tracked as CVE-2023-20101 (CVSS score 9.8), allows unauthenticated attackers to exploit static, unchangeable root account credentials that were initially intended for development purposes. These credentials could be used to log into the affected system, potentially enabling unauthorized access and execution of arbitrary commands as the root user.
The affected version was specifically Cisco Emergency Responder version 12.5(1)SU4.
Cisco released security updates to fix this critical vulnerability. According to the company, this flaw was discovered during internal security testing, and as of the advisory release, there were no reported instances of public disclosures or malicious exploitation related to CVE-2023-20101.
No temporary workarounds were available to mitigate this vulnerability. Cisco urged administrators to update vulnerable installations at the earliest opportunity to ensure the security of the affected systems.