Cisco warns of critical flaw in Emergency Responder code
Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account.
Cisco Emergency Responder is designed to work with Cisco Unified Communications Manager to ensure that emergency calls get routed to a location-appropriate Public Safety Answering Point.
The inclusion of hard-coded credentials is a textbook security flaw.
MITRE places the use of hard-coded credentials into the category "Weaknesses introduced into a system because of a poor security architecture or poor security design choices."
At least Cisco managed to find the bug "During internal security testing" rather than learning about it from active exploitation.
At least only one particular version of the software is affected: Cisco Emergency Responder Release 12.5(1)SU4.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/05/cisco_icritical_emergency/