Cisco fixes hard-coded root credentials in Emergency Responder
2023-10-04 16:43

Cisco released security updates to fix a Cisco Emergency Responder vulnerability that let attackers log into unpatched systems using hard-coded credentials.

"This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development," Cisco explained in an advisory issued today.

The company says the critical vulnerability only affects Cisco Emergency Responder version 12.5(1)SU4, as shown in the table below.

Cisco says the hard-coded credentials weakness, which allows attackers to bypass authentication, was discovered during internal security testing.

Last week, Cisco urged customers to patch a zero-day vulnerability targeted by attackers in the wild, affecting devices running IOS and IOS XE software.

Earlier this month, the company issued an alert regarding another zero-day in its Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense, actively exploited by ransomware gangs to breach corporate networks.


News URL

https://www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-root-credentials-in-emergency-responder/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751