Cisco Emergency Responder (CER), the company’s emergency communications system used to respond to crises in a timely manner, had hard-coded credentials, making it easy for hackers with knowledge of them to gain access to the systems.
The news was confirmed by the company itself, which recently released a new patch to address the problem.
The vulnerability is tracked as CVE-2023-20101 and comes with a severity score of 9.8. “An attacker could exploit this vulnerability by using the account to log in to an affected system,” Cisco said in an advisory. “A successful exploit could allow the attacker to log into the affected system and execute arbitrary commands as the root user.”
Hardcoded login details
Hardcoded credentials aren’t exactly anything new. Developers sometimes use them to make logging in during development easier. The problem is that the developers forget to remove them before shipping the product.
The flaw was found in Cisco Emergency Responder 12.5(1)SU4, and those using it should make sure they update the software to version 12.5(1)SU5. Other releases were not said to be vulnerable.
The good news is that Cisco believes no one has managed to exploit the flaw so far. The company discovered it during internal security testing and has no reason to believe anyone could have done it.
Now that the cat is out of the bag, however, it is safe to assume that various groups of threat actors will try to exploit the flaw. That’s why keeping software up to date is one of the most important cybersecurity practices today. Most cyber attacks and hacks today are not carried out through zero-days (flaws that developers had zero days to fix), but rather through old vulnerabilities that software users have never been able to patch.
It also doesn’t hurt to install endpoint protection solutions and firewalls.