Cisco has released a security patch for a serious vulnerability in its Cisco Emergency Responder (CER) software. This software aids organizations in responding effectively to emergencies by providing precise location tracking of IP phones, thus enabling emergency calls to be appropriately routed to the relevant Public Safety Answering Point (PSAP). The vulnerability, identified as CVE-2023-20101, could have allowed unauthenticated attackers to gain access to a targeted device using a root account with default, static credentials that could not be changed or removed.
Cisco elaborated in a recent advisory, 'This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.' The vulnerability is critical and only impacts Cisco Emergency Responder version 12.5(1)SU4.
The vulnerability was discovered during internal security testing. Cisco's Product Security Incident Response Team (PSIRT) has not found any evidence of public disclosures or malicious exploitation related to the CVE-2023-20101 vulnerability. There are no temporary workarounds to mitigate this security flaw, so administrators are advised to update vulnerable installations as soon as possible.
In the previous week, Cisco encouraged its customers to patch a zero-day vulnerability (CVE-2023-20109) that affects devices running IOS and IOS XE software and was being exploited by attackers. Earlier this month, the company issued a warning about another zero-day (CVE-2023-20269) in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD), which was being actively exploited by ransomware gangs to infiltrate corporate networks.
Law enforcement and cybersecurity agencies in the US and Japan also issued warnings about Chinese BlackTech hackers using backdoors in network devices to gain initial access to enterprise networks.