Cisco warns of critical flaw in Emergency Responder code

Trending 1 month ago
  1. Home
  2. Security
  3. Cisco warns of critical flaw in Emergency Responder code

Cisco has issued a information advisory astir a vulnerability successful its Emergency Responder package that would let an unauthenticated distant attacker to log successful to an affected instrumentality utilizing nan guidelines account.

The vulnerability, designated CVE-2023-20101, arises from nan truth that nan guidelines relationship has default, fixed credentials that cannot beryllium changed aliases deleted. Yet again, information done obscurity proves insufficiently obscure.

"This vulnerability is owed to nan beingness of fixed personification credentials for nan guidelines relationship that are typically reserved for usage during development," Cisco explains successful its advisory. "An attacker could utilization this vulnerability by utilizing nan relationship to log successful to an affected system."

And successful truthful doing, nan attacker could login from wherever and execute arbitrary commands arsenic nan guidelines user. Hence nan guidelines CVSS people of 9.8.

Cisco Emergency Responder is designed to activity pinch Cisco Unified Communications Manager to guarantee that emergency calls get routed to a location-appropriate Public Safety Answering Point (PSAP). It supports real-time location tracking, telephone routing, and automatic notification of information unit pinch nan location of nan caller, among different things.

It's not nan benignant of strategy you want taken complete by those pinch malicious intent.

  • IT networks nether onslaught via captious Confluence zero-day. Patch now
  • Cat accused of wiping US Veteran Affairs server info aft jumping connected keyboard
  • Lorenz ransomware unit bungles blackmail blueprint by leaking 2 years of contacts
  • Make-me-root 'Looney Tunables' information spread connected Linux needs your attention

The inclusion of hard-coded credentials is simply a textbook information flaw. Its Common Weakness Enumeration is CWE-798: Use of Hard-coded Credentials - and nan truth that needs a nickname speaks volumes. In 2023, according to information statement MITRE, it ranked 18 among nan apical 25 astir stubborn weaknesses.

MITRE places nan usage of hard-coded credentials into nan class "Weaknesses introduced into a strategy because of a mediocre information architecture aliases mediocre information creation choices."

At slightest Cisco managed to find nan bug "during soul information testing" alternatively than learning astir it from progressive exploitation. It says location are nary workarounds and has released package patches to reside nan issue.

At slightest only 1 peculiar type of nan package is affected: Cisco Emergency Responder Release 12.5(1)SU4. Version 12.5 was released January, 2019.

Prior versions, 11.5(1) and earlier, are not affected. Neither is nan latest version, 14. ®

Related Article

60 US credit unions offline after ransomware infects backend cloud outfit

60 US credit unions offline after ransomware infects backend cloud outfit

22 hours ago
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

1 day ago
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

1 day ago
US readies prison cell for another Russian Trickbot developer

US readies prison cell for another Russian Trickbot developer

1 day ago
Regulator says stranger entered hospital, treated a patient, took a document ... then vanished

Regulator says stranger entered hospital, treated a patient, took a document ... then vanished

1 day ago
Interpol makes first border arrest using Biometric Hub to ID suspect

Interpol makes first border arrest using Biometric Hub to ID suspect

1 day ago

Trending

1. Manchester United
2. Fortnite Chapter 5
3. Marquette basketball
4. Michigan vs Iowa
5. Texas vs Oklahoma State
6. Real Madrid
7. Arsenal vs Wolves
8. Fortnite event
9. Montenegro
10. Jayden Daniels

Popular Article

The Week in Ransomware - December 1st 2023 - Police hits affiliates

The Week in Ransomware - December 1st 2023 - Police hits affiliates

23 hours ago
5 great Christmas TV shows to watch in December

5 great Christmas TV shows to watch in December

23 hours ago
How to keep your laptop battery healthy and extend its life

How to keep your laptop battery healthy and extend its life

23 hours ago
The best movies on Apple TV+ right now (December 2023)

The best movies on Apple TV+ right now (December 2023)

7 hours ago
These developers are doing something amazing with iPhone and iPad apps

These developers are doing something amazing with iPhone and iPad apps

6 hours ago
Where to watch A Christmas Story

Where to watch A Christmas Story

22 hours ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions · Disclaimer ·

©2023 PAK MEDIA BLOG.
All Rights Reserved.