Get in Touch
Indiscriminate, opportunistic targeting.
Cisco has released a security advisory regarding a vulnerability in its Emergency Responder software. The flaw, tracked as CVE-2023-20101 (CVSSv3 score: 9.8), allows unauthenticated remote threat actors to log in to an affected system with the root account.
Cisco’s Emergency Responder operates in conjunction with Cisco Unified Communications Manager to route emergency calls to a Public Safety Answering Point (PSAP). The platform supports a variety of features, including real-time location tracking and call routing.
Successful exploitation of CVE-2023-20101 allows unauthenticated remote threat actors to log in to an affected system with the root account, subsequently leading to arbitrary command execution capabilities as the root user and ultimately the compromise of the integrity of data.
A security patch for this vulnerability has been released by Cisco. Previous product versions therefore remain vulnerable to potential exploitation.
Cisco Emergency Responder Release 12.5(1)SU4.
Prior versions, 11.5(1) and earlier, are not affected.
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected product version apply the relevant Cisco security patch as soon as possible.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Cisco occupies a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. Due to the fact that Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.
No attribution to specific threat actors or groups has been identified at the time of writing.
Common Weakness Enumeration:
CWE-798 – Use of Hard-coded Credentials