Cisco releases urgent patch for flaw that could let hackers access Emergency Response Systems

cisco logo
(Image credit: Shutterstock / Ken Wolter)

Cisco Emergency Responder (CER), the company’s emergency communication system used to respond to crises in a timely manner, had hardcoded credentials, allowing hackers with knowledge of this fact easy access to the systems.

The news was confirmed by the company itself, which recently released a new patch to address the problem.

The vulnerability is tracked as CVE-2023-20101 and comes with a severity score of 9.8. "An attacker could exploit this vulnerability by using the account to log in to an affected system," Cisco said in an advisory. "A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user."

Hardcoded credentials

Hardcoded login credentials aren’t exactly a new thing. Developers sometimes use them to make logging in easier during development. The problem is when the devs forget to remove them before shipping the product out.

The flaw is found in Cisco Emergency Responder 12.5(1)SU4, and those who use it should make sure they bring the software up to version 12.5(1)SU5. Other releases were not vulnerable, it was said.

The good news is that Cisco is under the impression that no one managed to abuse the flaw yet. The company discovered it during internal security testing and has no reason to believe someone beat it to the punch.

However, now that the cat is out of the bag, it’s safe to assume that different threat actor groups will try and abuse the flaw. That is why keeping software up-to-date is one of the most important cybersecurity practices today. Most of cyberattacks and hacks these days are not done through zero-days (flaws for which the developers had zero days to fix), but rather old vulnerabilities that software users never got to patch. 

Having endpoint protection solutions, as well as firewalls, installed, wouldn’t hurt, either.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Cisco patches critical security issues, so update now
Avast cybersecurity
Hackers are hijacking government software to access sensitive servers
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
The best free firewall
Palo Alto Networks PAN-OS sees authentication bypass under attack from hackers
China
Salt Typhoon hackers used this clever technique to attack US networks
Latest in Security
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
Latest in News
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Marvel Rivals
Marvel Rivals' next update will add two new hero skins for Iron Man and Spider-Man mains this week
Lego Pokemon
Pokemon and Lego announce the most electrifying collaboration of all time and I’m going to be first in line
Apple Watch app health
Apple Watch blood pressure monitoring tech revealed in patent
Using Zipped files and folders in Windows 11
Hidden clues suggest Microsoft is moving another part of Windows 11’s Control Panel to the Settings app – and this time it’s mouse options
Core Time 2 and COre 2 Duo watches running Pebble OS
Pebble founder announces two new smartwatches, and they're basically the opposite of an Apple Watch in every way