On 4 October 2023, Cisco published an advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an unauthenticated, remote threat actor to use the root account, which by default has hard-coded credentials that cannot be altered, to log into an affected device.
| Product | Vulnerability | Affected Release |
| Cisco Emergency Responder | CVE-2023-20101 | 12.5(1)SU4. Note: Versions 11.5(1) and earlier, as well as version 14, are not affected. |
This vulnerability was discovered by Cisco during internal security testing. Since its disclosure, Arctic Wolf has not observed active exploitation of CVE-2023-20101 in the wild. Cisco products have become prime targets for threat actors due to the extensive access they can potentially gain within a compromised network. Arctic Wolf recently observed ransomware threat actors targeting Cisco products; numerous other Cisco vulnerabilities have been exploited by threat actors and added to CISA's Known Exploited Vulnerabilities catalog.
Recommendation CVE-2023-20101
Upgrade Cisco Emergency Responder to Fixed Release
Arctic Wolf strongly recommends upgrading Cisco Emergency Responder to the latest fixed release.
| Product | Affected Release | Fixed Release |
| Cisco Emergency Responder | 12.5(1)SU4 | 12.5(1)SU5; ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512 |
Please follow your organisation’s patching and testing guidelines to avoid operational impact.

