Cisco Emergency Responder Vulnerability Let Remote Attacker Login as Root User

Cisco was reported with a critical vulnerability that could allow threat actors to log in to the affected devices as a root account. The CVE for this vulnerability has been given as CVE-2023-20101 and has a severity of 9.8 (Critical).

Cisco has released a security advisory for addressing this vulnerability, and patches have been updated for the affected products. 

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

CVE-2023-20101: Cisco Emergency Responder Static Credentials Vulnerability

This particular vulnerability exists due to static user credentials for the root account configured during development. The root account has default and static credentials that cannot be changed or deleted.

If a threat actor successfully exploits, it could allow them to log in to the affected system and execute arbitrary commands as the root user. 

Affected Products and Fixed Versions

Affected ProductsAffected VersionsFirst Vulnerable ReleaseFirst Fixed Release
Cisco Emergency Responder11.5(1) and earlierNot vulnerableNot vulnerable
Cisco Emergency Responder12.5(1)12.5(1)SU4112.5(1)SU5ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512
Cisco Emergency Responder14Not vulnerableNot vulnerable

There are no workarounds for this vulnerability. However, there is no evidence that this vulnerability is being exploited in the wild. 

Cisco has recommended that users of this product upgrade to the latest version of Cisco Emergency Responder to prevent this vulnerability from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.