Cisco Emergency Responder Vulnerability Let Remote Attacker Login as Root User
Cisco used to be reported with a first-rate vulnerability that also can allow menace actors to log in to the affected devices as a root memoir. The CVE for this vulnerability has been given as CVE-2023-20101 and has a severity of 9.8 (Serious).
Cisco has launched a security advisory for addressing this vulnerability, and patches secure been updated for the affected products.
Deploy Evolved AI-Powered Electronic mail Safety Resolution
Imposing AI-Powered Electronic mail security alternatives “Trustifi” can win your industry from at the moment time’s most unhealthy e-mail threats, equivalent to Electronic mail Monitoring, Blocking, Enhancing, Phishing, Story Take Over, Commercial Electronic mail Compromise, Malware & Ransomware
CVE-2023-20101: Cisco Emergency Responder Static Credentials Vulnerability
This disclose vulnerability exists attributable to static individual credentials for the root memoir configured for the length of type. The foundation memoir has default and static credentials that can’t be modified or deleted.
If a menace actor efficiently exploits, it would also allow them to log in to the affected design and impact arbitrary instructions as the root individual.
Affected Products and Mounted Variations
| Affected Products | Affected Variations | First Inclined Liberate | First Mounted Liberate |
| Cisco Emergency Responder | 11.5(1) and earlier | Not susceptible | Not susceptible |
| Cisco Emergency Responder | 12.5(1) | 12.5(1)SU41 | 12.5(1)SU5ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512 |
| Cisco Emergency Responder | 14 | Not susceptible | Not susceptible |
There are most likely to be now not any workarounds for this vulnerability. Nonetheless, there isn’t very this type of thing as a proof that this vulnerability is being exploited in the wild.
Cisco has instructed that customers of this product upgrade to basically the most up-to-date version of Cisco Emergency Responder to forestall this vulnerability from getting exploited.
Source credit : cybersecuritynews.com
