Home / Threat Intelligence bulletins / Cisco discloses critical Emergency Responder bug

Target Industry

Indiscriminate, opportunistic targeting.


Cisco has released a security advisory regarding a vulnerability in its Emergency Responder software. The flaw, tracked as CVE-2023-20101 (CVSSv3 score: 9.8), allows unauthenticated remote threat actors to log in to an affected system with the root account.

Cisco’s Emergency Responder operates in conjunction with Cisco Unified Communications Manager to route emergency calls to a Public Safety Answering Point (PSAP). The platform supports a variety of features, including real-time location tracking and call routing.


Successful exploitation of CVE-2023-20101 allows unauthenticated remote threat actors to log in to an affected system with the root account, subsequently leading to arbitrary command execution capabilities as the root user and ultimately the compromise of the integrity of data.

Vulnerability Detection

A security patch for this vulnerability has been released by Cisco. Previous product versions therefore remain vulnerable to potential exploitation.

Affected Products

Cisco Emergency Responder Release 12.5(1)SU4.

Prior versions, 11.5(1) and earlier, are not affected.

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected product version apply the relevant Cisco security patch as soon as possible.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Cisco occupies a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. Due to the fact that Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Common Weakness Enumeration:

CWE-798 – Use of Hard-coded Credentials

Further Information

Cisco Advisory


An Intelligence Terminology Yardstick to showing the likelihood of events