Cisco Emergency Responder (CER), the company’s emergency communication system used to respond to crises in a timely manner, had hardcoded credentials, allowing hackers with knowledge of this fact easy access to the systems.
The news was confirmed by the company itself, which recently released a new patch to address the problem.
The vulnerability is tracked as CVE-2023-20101 and comes with a severity score of 9.8. “An attacker could exploit this vulnerability by using the account to log in to an affected system,” Cisco said in an advisory. “A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”
Hardcoded credentials
Hardcoded login credentials aren’t exactly a new thing. Developers sometimes use them to make logging in easier during development. The problem is when the devs forget to remove them before shipping the product out.
The flaw is found in Cisco Emergency Responder 12.5(1)SU4, and those who use it should make sure they bring the software up to version 12.5(1)SU5. Other releases were not vulnerable, it was said.
The good news is that Cisco is under the impression that no one managed to abuse the flaw yet. The company discovered it during internal security testing and has no reason to believe someone beat it to the punch.
However, now that the cat is out of the bag, it’s safe to assume that different threat actor groups will try and abuse the flaw. That is why keeping software up-to-date is one of the most important cybersecurity practices today. Most of cyberattacks and hacks these days are not done through zero-days (flaws for which the developers had zero days to fix), but rather old vulnerabilities that software users never got to patch.
Having endpoint protection solutions, as well as firewalls, installed, wouldn’t hurt, either.
