On October 4, 2023, Cisco published a security advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an unauthenticated, remote threat actor to log in to an affected device using the root account, which by default has hard-coded credentials that cannot be altered.
Product | Vulnerability | Affected Release |
Cisco Emergency Responder | CVE-2023-20101 | 12.5(1)SU4 |
Note: Versions 11.5(1) and earlier, as well as version 14, are not affected.
This vulnerability was discovered by Cisco during internal security testing. Since its disclosure, Arctic Wolf has not observed active exploitation of CVE-2023-20101 in the wild. Cisco products have become prime targets for threat actors due to the extensive access they can potentially gain within a compromised network. Arctic Wolf recently observed ransomware threat actors targeting Cisco products; numerous other Cisco vulnerabilities have been exploited by threat actors and added to CISA’s Known Exploited Vulnerabilities catalog.
Recommendation CVE-2023-20101
Upgrade Cisco Emergency Responder to Fixed Release
Arctic Wolf strongly recommends upgrading Cisco Emergency Responder to the latest fixed release.
Product | Affected Release | Fixed Release |
Cisco Emergency Responder | 12.5(1)SU4 | 12.5(1)SU5 ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512 |
Please follow your organization’s patching and testing guidelines to avoid operational impact.