On October 4, 2023, Cisco published a security advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an unauthenticated, remote threat actor to log in to an affected device using the root account, which by default has hard-coded credentials that cannot be altered.
| Product | Vulnerability | Affected Release |
| --- | --- | --- |
| Cisco Emergency Responder | CVE-2023-20101 | 12.5(1)SU4. Note: Versions 11.5(1) and earlier, as well as version 14, are not affected. |
This vulnerability was discovered by Cisco during internal security testing. Since its disclosure, Arctic Wolf has not observed active exploitation of CVE-2023-20101 in the wild. Cisco products have become prime targets for threat actors due to the extensive access they can potentially gain within a compromised network. Arctic Wolf recently observed ransomware threat actors targeting Cisco products; numerous other Cisco vulnerabilities have been exploited by threat actors and added to CISA’s Known Exploited Vulnerabilities catalog.
Recommendation CVE-2023-20101
Upgrade Cisco Emergency Responder to Fixed Release
Arctic Wolf strongly recommends upgrading Cisco Emergency Responder to the latest fixed release.
| Product | Affected Release | Fixed Release |
| --- | --- | --- |
| Cisco Emergency Responder | 12.5(1)SU4 | 12.5(1)SU5 ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512 |
Please follow your organization’s patching and testing guidelines to avoid operational impact.




