Cisco has released security updates to address a critical vulnerability in Cisco Emergency Responder (CER), tracked as CVE-2023-20101. The flaw allows unauthenticated attackers to log in to unpatched systems using hard-coded root credentials. CER plays a crucial role in emergency response by facilitating precise location tracking of IP phones and directing emergency calls to the appropriate Public Safety Answering Point (PSAP).
The vulnerability stems from static user credentials for the root account, which are typically reserved for use during development. An attacker who logs in with them could execute arbitrary commands with root privileges.
Cisco’s Product Security Incident Response Team (PSIRT) discovered this hard-coded credentials weakness during internal security testing. Fortunately, there have been no reports of public disclosures or malicious exploitation of CVE-2023-20101. Since there are no temporary workarounds to mitigate the flaw, administrators are strongly advised to update vulnerable installations promptly to prevent potential unauthorized access and malicious actions.
This security update comes shortly after Cisco urged its customers to patch a zero-day vulnerability (CVE-2023-20109) that was actively targeted by attackers and affected devices running IOS and IOS XE software.
Additionally, the company had issued a warning about another zero-day vulnerability (CVE-2023-20269) impacting Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD), which was actively exploited by ransomware groups for network breaches.
Law enforcement and cybersecurity agencies in the US and Japan had also cautioned about Chinese BlackTech hackers utilizing backdoors in network devices to gain initial access to enterprise networks, highlighting the ongoing importance of timely security updates and vigilance in the face of evolving cyber threats.