A remotely exploitable vulnerability in the Cisco Emergency Responder software could allow an unauthenticated attacker to log in to an affected device using the root account, according to a warning from the U.S. tech vendor.
The vulnerability, tracked as CVE-2023-20101, carries a CVSS severity rating of 9.8/10 and a “critical” tag from Cisco’s security response team.
From the Cisco advisory:
“A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.”
“This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”
Cisco said the security defect affects only Cisco Emergency Responder Release 12.5(1)SU4.
The San Jose, Calif. company is urging Cisco Emergency Responder users to immediately apply the available patches, warning that there are no workarounds that address this vulnerability.
The Cisco Emergency Responder software works in tandem with the Cisco Unified Communications Manager to send emergency calls to the appropriate Public Safety Answering Point (PSAP) for a caller’s location.
Available in the US and Canadian markets, the software is used to route emergency calls to a local public-safety answering point (PSAP), alert personnel by email or phone of an emergency call to respond to locally, keep logs of all emergency calls and provide the PSAP with accurate geolocation of the caller in need.