Published: 04/10/2023 Updated: 25/01/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote malicious user to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the malicious user to log in to the affected system and execute arbitrary commands as the root user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco emergency responder 12.5\\(1\\)su4

Cisco warns of critical flaw in Emergency Responder code

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Hard-coded credentials strike again

Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account. The vulnerability, designated CVE-2023-20101, arises from the fact that the root account has default, static credentials that cannot be changed or deleted. Yet again, security through obscurity proves insufficiently obscure. "This vulnerability is due to the presence of static user credentials fo...

CVE-2023-20101

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect